netdev.vger.kernel.org archive mirror
From: Chris Wright <chrisw@osdl.org>
To: James Morris <jmorris@redhat.com>
Cc: "David S. Miller" <davem@redhat.com>,
	kuznet@ms2.inr.ac.ru, linux-security-module@wirex.com,
	Stephen Smalley <sds@epoch.ncsc.mil>,
	netdev@oss.sgi.com
Subject: Re: [RFC] SO_PEERSEC - security credentials for Unix stream sockets
Date: Fri, 12 Dec 2003 16:16:17 -0800
Message-ID: <20031212161617.C24246@osdlab.pdx.osdl.net>
In-Reply-To: <Xine.LNX.4.44.0312101110010.27922-100000@thoron.boston.redhat.com>; from jmorris@redhat.com on Wed, Dec 10, 2003 at 11:33:53AM -0500

* James Morris (jmorris@redhat.com) wrote:
> Below is a patch against 2.6.0-test11 which implements a new socket option
> SO_PEERSEC (defined for i386 only at this stage).

Thanks for doing this, James.  In your example demonstration, you simply
print the peersec string.  Do you expect to use it with simple comparison
against something like data from procattr, or something else?  IOW,
does this introduce any new namespace issues for apps?

> +static inline int security_sk_alloc_security(struct sock *sk, int family, int priority)
> +static inline void security_sk_free_security(struct sock *sk)
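
Review bot: Both hook declarations lack a stated contract. In security_sk_alloc_security(), `int priority` gives no hint of what it carries (presumably the allocation priority for the sock, which is an assumption since only the signature is visible), and the int return has no documented meaning, so a caller cannot tell whether a non-zero result must abort creation of the sock. Add a comment in the hook documentation covering the call context, what family and priority mean, and the return convention, and say whether security_sk_free_security() can be called on a sock whose alloc hook failed.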

Minor nit.  These names are inconsistent with the existing analogous ones.
How about simply security_sk_alloc and security_sk_free?

> +++ linux-2.6.0-test11.w2/net/core/sock.c	2003-12-10 09:55:39.378901360 -0500
> @@ -564,6 +564,9 @@
>  			v.val = sk->sk_state == TCP_LISTEN;
>  			break;
>  
> +		case SO_PEERSEC:
> +			return security_socket_getpeersec(sock, optval, len);
> +
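
Review bot: The SO_PEERSEC case returns directly from the switch, where the case above it sets v.val and uses break, so nothing after the switch runs for this option and the hook alone is responsible for bounding the copy into optval. The visible call passes only sock, optval and len and returns a status code, which leaves no channel for reporting how many bytes were written or how large a buffer is required. Consider also handing the caller's length pointer to security_socket_getpeersec() and defining the error returned for a too-small buffer, so userspace can resize and retry instead of guessing.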

Would it be useful to ask the module to update len, as is done in some
other cases?  Perhaps the buffer is too small; can len be the vector for that info?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
