Re: [PATCH] split security_key_alloc into two functions

Quoting Stephen Smalley (sds@xxxxxxxxxxxxx):
On Tue, 2006-03-28 at 07:05 -0600, Serge E. Hallyn wrote:
The security_key_alloc() function acted as both an authorizer and
security structure allocation function. These roles should be
separated. There are two reasons for this.

First, if two modules are stacked, the first module might grant
permission and allocate security data, after which the second
module refuses permission.

Second, by adding a security_post_alloc() function after the
serial number has been assigned, security modules can append
useful info.

Are you sure that the key cannot be accessed (looked up) by another
process as soon as it is assigned a serial number? If it can be, then
you risk having it accessed before its security structure is set up.

Ah, that makes sense, and even rings a bell.

So if we were to add a post_alloc() hook, it should likely go into
key_alloc_serial() under the key_serial_lock?

Still assuming that storing the serial number is desirable...

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/