Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752718Ab1ECWCk (ORCPT ); Tue, 3 May 2011 18:02:40 -0400 Received: from g4t0015.houston.hp.com ([15.201.24.18]:4992 "EHLO g4t0015.houston.hp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750862Ab1ECWCi (ORCPT ); Tue, 3 May 2011 18:02:38 -0400 From: Paul Moore Organization: Hewlett-Packard To: Samir Bellabes Subject: Re: [RFC v3 02/10] Revert "lsm: Remove the socket_post_accept() hook" Date: Tue, 3 May 2011 18:02:34 -0400 User-Agent: KMail/1.13.7 (Linux/2.6.38-gentoo-r2; KDE/4.6.2; x86_64; ; ) Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, jamal , Patrick McHardy , Evgeniy Polyakov , Grzegorz Nosek References: <1304432663-1575-1-git-send-email-sam@synack.fr> <1304432663-1575-3-git-send-email-sam@synack.fr> In-Reply-To: <1304432663-1575-3-git-send-email-sam@synack.fr> MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201105031802.34724.paul.moore@hp.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5639 Lines: 139 On Tuesday, May 03, 2011 10:24:15 AM Samir Bellabes wrote: > snet needs to reintroduce this hook, as it was designed to be: a hook for > updating security informations on objects. Looking at this and 5/10 again, it seems that you should be able to do what you need with the sock_graft() hook. Am I missing something? My apologies if we've already discussed this approach previously ... > Originally, This was a direct revert of commit > 8651d5c0b1f874c5b8307ae2b858bc40f9f02482. > > But from the comment of Tetsuo Handa : > > Please move security_socket_post_accept() to before fd_install(). > > Otherwise, other threads which share fd tables can use > > security-informations-not-yet-updated accept()ed sockets. > > Signed-off-by: Samir Bellabes > Acked-by: Serge Hallyn > > snet needs to reintroduce this hook, as it was designed to be: a hook for > updating security informations on objects. > > Signed-off-by: Samir Bellabes > --- > include/linux/security.h | 13 +++++++++++++ > net/socket.c | 2 ++ > security/capability.c | 5 +++++ > security/security.c | 5 +++++ > 4 files changed, 25 insertions(+), 0 deletions(-) > > diff --git a/include/linux/security.h b/include/linux/security.h > index da0d59e..02effe5 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -875,6 +875,11 @@ static inline void security_free_mnt_opts(struct > security_mnt_opts *opts) * @sock contains the listening socket structure. > * @newsock contains the newly created server socket for connection. > * Return 0 if permission is granted. > + * @socket_post_accept: > + * This hook allows a security module to copy security > + * information into the newly created socket's inode. > + * @sock contains the listening socket structure. > + * @newsock contains the newly created server socket for connection. > * @socket_sendmsg: > * Check permission before transmitting a message to another socket. > * @sock contains the socket structure. > @@ -1587,6 +1592,8 @@ struct security_operations { > struct sockaddr *address, int addrlen); > int (*socket_listen) (struct socket *sock, int backlog); > int (*socket_accept) (struct socket *sock, struct socket *newsock); > + void (*socket_post_accept) (struct socket *sock, > + struct socket *newsock); > int (*socket_sendmsg) (struct socket *sock, > struct msghdr *msg, int size); > int (*socket_recvmsg) (struct socket *sock, > @@ -2555,6 +2562,7 @@ int security_socket_bind(struct socket *sock, struct > sockaddr *address, int addr int security_socket_connect(struct socket > *sock, struct sockaddr *address, int addrlen); int > security_socket_listen(struct socket *sock, int backlog); > int security_socket_accept(struct socket *sock, struct socket *newsock); > +void security_socket_post_accept(struct socket *sock, struct socket > *newsock); int security_socket_sendmsg(struct socket *sock, struct msghdr > *msg, int size); int security_socket_recvmsg(struct socket *sock, struct > msghdr *msg, int size, int flags); > @@ -2640,6 +2648,11 @@ static inline int security_socket_accept(struct > socket *sock, return 0; > } > > +static inline void security_socket_post_accept(struct socket *sock, > + struct socket *newsock) > +{ > +} > + > static inline int security_socket_sendmsg(struct socket *sock, > struct msghdr *msg, int size) > { > diff --git a/net/socket.c b/net/socket.c > index d588e9e..7807904 100644 > --- a/net/socket.c > +++ b/net/socket.c > @@ -1535,6 +1535,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr > __user *, upeer_sockaddr, goto out_fd; > } > > + security_socket_post_accept(sock, newsock); > + > /* File flags are not inherited via accept() unlike another OSes. */ > > fd_install(newfd, newfile); > diff --git a/security/capability.c b/security/capability.c > index 1f8bbe2..da68c60 100644 > --- a/security/capability.c > +++ b/security/capability.c > @@ -593,6 +593,10 @@ static int cap_socket_accept(struct socket *sock, > struct socket *newsock) return 0; > } > > +static void cap_socket_post_accept(struct socket *sock, struct socket > *newsock) +{ > +} > + > static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int > size) { > return 0; > @@ -1022,6 +1026,7 @@ void __init security_fixup_ops(struct > security_operations *ops) set_to_cap_if_null(ops, socket_connect); > set_to_cap_if_null(ops, socket_listen); > set_to_cap_if_null(ops, socket_accept); > + set_to_cap_if_null(ops, socket_post_accept); > set_to_cap_if_null(ops, socket_sendmsg); > set_to_cap_if_null(ops, socket_recvmsg); > set_to_cap_if_null(ops, socket_getsockname); > diff --git a/security/security.c b/security/security.c > index 84187d8..eda2b75 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1038,6 +1038,11 @@ int security_socket_accept(struct socket *sock, > struct socket *newsock) return security_ops->socket_accept(sock, newsock); > } > > +void security_socket_post_accept(struct socket *sock, struct socket > *newsock) +{ > + security_ops->socket_post_accept(sock, newsock); > +} > + > int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int > size) { > return security_ops->socket_sendmsg(sock, msg, size); -- paul moore linux @ hp -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/