Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261824AbVBIOLY (ORCPT ); Wed, 9 Feb 2005 09:11:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261825AbVBIOLY (ORCPT ); Wed, 9 Feb 2005 09:11:24 -0500 Received: from vds-320151.amen-pro.com ([62.193.204.86]:36589 "EHLO vds-320151.amen-pro.com") by vger.kernel.org with ESMTP id S261824AbVBIOLT (ORCPT ); Wed, 9 Feb 2005 09:11:19 -0500 Subject: Re: [PATCH] New sys_chmod() hook for the LSM framework From: Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?= =?ISO-8859-1?Q?Garc=EDa-Hierro?= To: Chris Wright Cc: "linux-kernel@vger.kernel.org" , "linux-security-module@wirex.com" In-Reply-To: <20050208161530.F469@build.pdx.osdl.net> References: <1107879275.3754.279.camel@localhost.localdomain> <20050208161530.F469@build.pdx.osdl.net> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-zPbJSgdMhldBDyAdZooW" Date: Wed, 09 Feb 2005 15:10:54 +0100 Message-Id: <1107958254.3754.292.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1795 Lines: 50 --=-zPbJSgdMhldBDyAdZooW Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable El mar, 08-02-2005 a las 16:15 -0800, Chris Wright escribi=F3: > * Lorenzo Hern=E1ndez Garc=EDa-Hierro (lorenzo@gnu.org) wrote: > > As commented yesterday, I was going to release a few more hooks for som= e > > *critical* syscalls, this one adds a hook to sys_chmod(), and makes us > > able to apply checks and logics before releasing the operation to > > sys_chmod(). >=20 > This is exactly the kind of hook we've tried to avoid. This is really > asking for permission to alter inode attribute data. This type of > hook is incomplete because there are other ways to alter this data, > and this access is already controlled by the inode_setattr hook (as > Tony mentioned). So this is a no go. Right, the patch is no longer available as notify_change grabs the inode_setattr hook returned data. Did you checked the other one on sys_chroot()? (I've updated it a day or so ago). Cheers, thanks for commenting on it. --=20 Lorenzo Hern=E1ndez Garc=EDa-Hierro =20 [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org] --=-zPbJSgdMhldBDyAdZooW Content-Type: application/pgp-signature; name=signature.asc Content-Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBCChnuDcEopW8rLewRAikPAJ48KENE4CfeuSwHvlsbvF8JC7NV0ACfUkTj 8J16RLqS+FLMdWBwJh0r2n8= =Lx2w -----END PGP SIGNATURE----- --=-zPbJSgdMhldBDyAdZooW-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/