Subject: [PATCH] Trusted Path Execution LSM 0.2 (20050108)

Hi,

Serge E. Hallyn contributed a patch to fix a few problems of the
kernel-configuration level support for the trusted group (outside the
groups acl support).

As suggested by Stephen D. Smalley, I've updated the file_mmap hook
checks logic, as some of the statements are not needed if the initial struct
is present.

The new patch is attached, but again, extra information and
documentation can be found at http://selinux.tuxedo-es.org/tpe-lsm/ .

References (for initial release information):

[1]: http://lkml.org/lkml/2005/1/5/307 (original thread)

Please apply.

Cheers,
--
Lorenzo Hernández García-Hierro <[email protected]>
[1024D/6F2B2DEC] [2048g/9AE91A22] Hardened Debian head developer &
project manager


Attachments:
tpe-20050108.patch (41.09 kB)
signature.asc (189.00 B)
This part of the message is digitally signed

2005-01-11 19:56:12

by Steve G

Subject: Re: [PATCH] Trusted Path Execution LSM 0.2 (20050108)

This patch leaks memory in the error paths. For example:

+static ssize_t trustedlistadd_read_file(struct tpe_list *list, char *buf)
+{
<snip>
+ char *buffer = kmalloc(400, GFP_KERNEL);
+
+ user = (char *)__get_free_page(GFP_KERNEL);
+ if (!user)
+ return -ENOMEM;
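
Review bot: buffer from kmalloc(400, GFP_KERNEL) is not checked for NULL in the lines shown, and it is leaked when __get_free_page() fails, because the `if (!user)` branch returns -ENOMEM without calling kfree(buffer). Check buffer immediately after the kmalloc, and on the !user path free it before returning, or route both failures through one cleanup label that does the kfree. The bare 400 would also read better as a named constant so the size can be matched against its later use.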

There's several of these.

-Steve Grubb




2005-01-11 20:33:38

by Chris Wright

Subject: Re: [PATCH] Trusted Path Execution LSM 0.2 (20050108)

* Steve G ([email protected]) wrote:
> This patch leaks memory in the error paths. For example:
>
> +static ssize_t trustedlistadd_read_file(struct tpe_list *list, char *buf)
> +{
> <snip>
> + char *buffer = kmalloc(400, GFP_KERNEL);
> +
> + user = (char *)__get_free_page(GFP_KERNEL);
> + if (!user)
> + return -ENOMEM;

Helps to inform the author ;-)

-chris

Subject: Re: [PATCH] Trusted Path Execution LSM 0.2 (20050108)

Hi,

On Tue, 11-01-2005 at 12:33 -0800, Chris Wright wrote:
> * Steve G ([email protected]) wrote:
> > This patch leaks memory in the error paths. For example:
> >
> > +static ssize_t trustedlistadd_read_file(struct tpe_list *list, char *buf)
> > +{
> > <snip>
> > + char *buffer = kmalloc(400, GFP_KERNEL);
> > +
> > + user = (char *)__get_free_page(GFP_KERNEL);
> > + if (!user)
> > + return -ENOMEM;
>
> Helps to inform the author ;-)

It's fixed now and I will update the patches ASAP.

Next time it would be better to CC me directly, but anyway, thanks for
reporting this, as much as you mess it up, it's as much as I will work
to make it better ;).

Cheers,
--
Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager


Attachments:
signature.asc (189.00 B)
This part of the message is digitally signed