On Wed, 30 May 2007, Andrew Morton wrote: > On Wed, 30 May 2007 09:15:01 +0200 > Jens Axboe <[EMAIL PROTECTED]> wrote: > > > On Tue, May 29 2007, James Morris wrote: > > > Revalidate read/write permissions for splice(2) and vmslice(2), in case > > > security policy has changed since the files were opened. > > > > I guess it was inevitably going to happen :-) > > > > Signed-off-by: Jens Axboe <[EMAIL PROTECTED]> > > > > Probably acked-by was more appropriate. > > James, is this considered needed-for-2.6.22?
No, it's tightening things up. We don't have full revocation in any case, and the primary security check is performed on open. > > + ret = security_file_permission(out, MAY_WRITE); > > + if (unlikely(ret < 0)) > > + return ret; > > > ot: all the unlikely()s are irksome. I wonder if there was some way of > doing this in security_file_permission() instead. eg: This is the only place where we do this -- it's to remain consistent with the surrounding splice code, which does this for other checks. Given that it's calling out to a typically non-trivial security module, it may be better to remove the unlikelys here. - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
