Re: [PATCH] split security_key_alloc into two functions

From: Serge E. Hallyn
Date: Tue Mar 28 2006 - 08:50:48 EST


Quoting Stephen Smalley (sds@xxxxxxxxxxxxx):
> On Tue, 2006-03-28 at 07:05 -0600, Serge E. Hallyn wrote:
> > The security_key_alloc() function acted as both an authorizer and
> > security structure allocation function. These roles should be
> > separated. There are two reasons for this.
> >
> > First, if two modules are stacked, the first module might grant
> > permission and allocate security data, after which the second
> > module refuses permission.
> >
> > Second, by adding a security_post_alloc() function after the
> > serial number has been assigned, security modules can append
> > useful info.
>
> Are you sure that the key cannot be accessed (looked up) by another
> process as soon as it is assigned a serial number? If it can be, then
> you risk having it accessed before its security structure is set up.

Ah, that makes sense, and even rings a bell.

So if we were to add a post_alloc() hook, it should likely go into
key_alloc_serial() under the key_serial_lock?

Still assuming that storing the serial number is desirable...

thanks,
-serge
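The window Stephen Smalley describes, and the ordering Serge asks about, shown as an added userspace C model; it is not code from the patch or from the kernel. Only `key_serial_lock` and the `post_alloc()` hook are names from the thread; the structures, the `lookup()` helper and `alloc_serial_model()` are hypothetical, and the lock is modelled as a flag so the interleaving is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. Only key_serial_lock and post_alloc()
 * are names from the thread; everything else is hypothetical. */
struct key { int serial; void *security; };
enum seen { NOT_FOUND, BLOCKED, SAW_NO_SECURITY, SAW_SECURITY };

static struct key *serial_tree[8];  /* stands in for the serial-number tree */
static int next_serial = 1;
static bool key_serial_lock;        /* true while the modelled lock is held */
static int dummy_label;             /* constructed stand-in for module data */

/* What another process observes if its lookup by serial runs right now. */
static enum seen lookup(int serial)
{
    struct key *k = serial_tree[(unsigned)serial % 8];

    if (key_serial_lock)
        return BLOCKED;             /* a real caller would wait on the lock */
    if (!k || k->serial != serial)
        return NOT_FOUND;
    return k->security ? SAW_SECURITY : SAW_NO_SECURITY;
}

/* Assign a serial, make the key findable, then run the hook either while
 * the lock is still held or after it has been dropped. Returns what a
 * lookup racing with the hook would have observed. */
static enum seen alloc_serial_model(struct key *k, bool hook_under_lock)
{
    enum seen during;
    key_serial_lock = true;
    k->serial = next_serial++;
    serial_tree[(unsigned)k->serial % 8] = k;   /* key is now findable */
    if (!hook_under_lock)
        key_serial_lock = false;
    during = lookup(k->serial);     /* the competing lookup lands here */
    k->security = &dummy_label;     /* what the post_alloc() hook sets up */
    key_serial_lock = false;
    return during;
}

int main(void)
{
    struct key a = {0}, b = {0};
    printf("hook after unlock: %d\n", alloc_serial_model(&a, false));
    printf("hook under lock:   %d\n", alloc_serial_model(&b, true));
    return 0;
}
```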