security hook missing in compat ioctl in 2.6.11-rc1-mm2

From: Michael S. Tsirkin
Date: Thu Jan 20 2005 - 19:13:46 EST

Next message: Chris Wright: "Re: security hook missing in compat ioctl in 2.6.11-rc1-mm2"
Previous message: Benjamin Herrenschmidt: "Re: Radeon framebuffer weirdness in -mm2"
In reply to: Christoph Hellwig: "Re: 2.6.11-rc1-mm2"
Next in thread: Chris Wright: "Re: security hook missing in compat ioctl in 2.6.11-rc1-mm2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!
Security hook seems to be missing before compat_ioctl in mm2.
And, it would be nice to avoid calling it twice on some paths.

Chris Wright's patch addressed this in the most elegant way I think,
by adding vfs_ioctl.

Accordingly, this change:

@@ -468,6 +496,11 @@ asmlinkage long compat_sys_ioctl(unsigne

found_handler:
if (t->handler) {
+ /* RED-PEN how should LSM module know it's handling 32bit? */
+ error = security_file_ioctl(filp, cmd, arg);
+ if (error)
+ goto out_fput;
+
lock_kernel();
error = t->handler(fd, cmd, arg, filp);
unlock_kernel();

from Andy's "some fixes" patch wont be needed.

Chris - are you planning to update your patch to -rc1-mm2?
I'd like to see this addressed, after this I believe logically
we'll get everything right, then I have a couple of small
cosmetic patches, and I believe we'll be set.

--
I dont speak for Mellanox.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: security hook missing in compat ioctl in 2.6.11-rc1-mm2"
Previous message: Benjamin Herrenschmidt: "Re: Radeon framebuffer weirdness in -mm2"
In reply to: Christoph Hellwig: "Re: 2.6.11-rc1-mm2"
Next in thread: Chris Wright: "Re: security hook missing in compat ioctl in 2.6.11-rc1-mm2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]