[SELINUX][PATCH 2/4] Fine-grained Netlink support - movesecurity_netlink_send() hook.

From: James Morris
Date: Tue Jun 15 2004 - 21:55:53 EST

Next message: James Morris: "[SELINUX][PATCH 1/4] Fine-grained Netlink support - SELinux headersupdate"
Previous message: foo: "Re: processes hung in D (raid5/dm/ext3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch moves the security_netlink_send() LSM hook after the user copy,
so that LSM modules can safely examine skb payload content. For SELinux,
we need to look at the Netlink message type.

Please apply.

Signed-off-by: James Morris <jmorris@xxxxxxxxxx>

net/netlink/af_netlink.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diff -purN -X dontdiff linux-2.6.7-rc3.p/net/netlink/af_netlink.c linux-2.6.7-rc3.w/net/netlink/af_netlink.c
--- linux-2.6.7-rc3.p/net/netlink/af_netlink.c 2004-06-07 18:54:14.000000000 -0400
+++ linux-2.6.7-rc3.w/net/netlink/af_netlink.c 2004-06-09 10:44:25.682210736 -0400
@@ -728,14 +728,14 @@ static int netlink_sendmsg(struct kiocb
to corresponding kernel module. --ANK (980802)
*/

- err = security_netlink_send(skb);
- if (err) {
+ err = -EFAULT;
+ if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
kfree_skb(skb);
goto out;
}

- err = -EFAULT;
- if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
+ err = security_netlink_send(skb);
+ if (err) {
kfree_skb(skb);
goto out;
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "[SELINUX][PATCH 1/4] Fine-grained Netlink support - SELinux headersupdate"
Previous message: foo: "Re: processes hung in D (raid5/dm/ext3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]