Date: Tue, 8 Feb 2005 16:15:30 -0800
From: Chris Wright <chrisw@osdl.org>
To: =?iso-8859-1?Q?Lorenzo_Hern=E1ndez_Garc=EDa-Hierro?= 
	<lorenzo@gnu.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
       "linux-security-module@wirex.com" <linux-security-module@wirex.com>
Subject: Re: [PATCH] New sys_chmod() hook for the LSM framework
Message-ID: <20050208161530.F469@build.pdx.osdl.net>
References: <1107879275.3754.279.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <1107879275.3754.279.camel@localhost.localdomain>; from lorenzo@gnu.org on Tue, Feb 08, 2005 at 05:14:35PM +0100
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 943
Lines: 21

* Lorenzo Hern?ndez Garc?a-Hierro (lorenzo@gnu.org) wrote:
> As commented yesterday, I was going to release a few more hooks for some
> *critical* syscalls, this one adds a hook to sys_chmod(), and makes us
> able to apply checks and logics before releasing the operation to
> sys_chmod().

This is exactly the kind of hook we've tried to avoid.  This is really
asking for permission to alter inode attribute data.  This type of
hook is incomplete because there are other ways to alter this data,
and this access is already controlled by the inode_setattr hook (as
Tony mentioned).  So this is a no go.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/