From: Al Viro <viro@ZenIV.linux.org.uk>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: sds@tycho.nsa.gov, miklos@szeredi.hu, serue@us.ibm.com,
jmorris@namei.org, linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org, takedakn@nttdata.co.jp,
haradats@nttdata.co.jp
Subject: Re: [RFC] Add "reason" parameter to mnt_want_write().
Date: Sat, 6 Dec 2008 05:53:42 +0000 [thread overview]
Message-ID: <20081206055342.GL28946@ZenIV.linux.org.uk> (raw)
In-Reply-To: <200812061425.GIH12430.FMOFOVFSJtHQLO@I-love.SAKURA.ne.jp>
On Sat, Dec 06, 2008 at 02:25:01PM +0900, Tetsuo Handa wrote:
> We want to allow LSM modules to perform MAC which takes an absolute pathname of
> a requested file into account. Since we can't pass "struct vfsmount" to VFS
> helper functions, we are trying to somehow pass "struct vfsmount"'s pathnames
> instead of "struct vfsmount" itself.
>
> The mnt_want_write() and mnt_drop_write() hooks are inserted around VFS helper
> functions call. Thus, I think we can insert security_path_set() into
> mnt_want_write() and secuity_path_clear() into mnt_drop_write() rather than
> scattering security_path_set() and security_path_clear() all around the places.
No. Use separate set of hooks AND PASS vfsmount DIRECTLY TO THEM. Damnit,
people, just how many times does it have to be repeated?
Any version that pulls that class of tricks is no-go. I don't _CARE_ whether
you hide vfsmount in task struct, do the same with string, send yourself a
datagram over magic socket or mail it to kludges-R-US.webtv.com, downloading
it back in LSM hook.
It's not a problem with implementation; it's a problem with the kludge
itself *and* with having the effect of vfs_mkdir() et.al. dependent on
anything except the arguments it's getting.
Adding global context of that kind is every bit as wrong as passing vfsmount
(or absolute pathname, or...) to vfs_mkdir() and its ilk. It's worse,
actually, since it has an extra helping of ugliness on top of doing the
wrong thing.
next prev parent reply other threads:[~2008-12-06 5:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20081120112543.799450455@I-love.SAKURA.ne.jp>
[not found] ` <20081120112727.557697893@I-love.SAKURA.ne.jp>
[not found] ` <1228161612.18720.211.camel@moss-spartans.epoch.ncsc.mil>
[not found] ` <200812021939.FFC05200.OVQJSOMtFFHLFO@I-love.SAKURA.ne.jp>
[not found] ` <1228225719.26101.52.camel@moss-spartans.epoch.ncsc.mil>
[not found] ` <49364808.1070907@nttdata.co.jp>
2008-12-03 8:56 ` [PATCH (mmotm-2008-12-02-17-08)] Introduce security_path_set/clear() hooks Kentaro Takeda
2008-12-03 14:13 ` Stephen Smalley
2008-12-04 12:00 ` Tetsuo Handa
2008-12-04 18:20 ` Serge E. Hallyn
2008-12-04 21:41 ` [PATCH (mmotm-2008-12-02-17-08)] Introducesecurity_path_set/clear() hooks Tetsuo Handa
2008-12-05 21:53 ` [PATCH (mmotm-2008-12-02-17-08)] Introduce security_path_set/clear() hooks Stephen Smalley
2008-12-05 23:27 ` Tetsuo Handa
2008-12-06 5:25 ` [RFC] Add "reason" parameter to mnt_want_write() Tetsuo Handa
2008-12-06 5:53 ` Al Viro [this message]
2008-12-06 6:16 ` [PATCH (mmotm-2008-12-02-17-08)] Introduce security_path_set/clear() hooks Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081206055342.GL28946@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=haradats@nttdata.co.jp \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=serue@us.ibm.com \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).