On Saturday 17 November 2007 11:00:20 pm Tetsuo Handa wrote: > Hello. Hello.
> Paul Moore wrote: > > Okay, well if that is the case I think you are going to have another > > problem in that you could end up throwing away skbs that haven't been > > through your security_post_recv_datagram() hook because you _always_ > > throw away the result of the second skb_peek(). Once again, if I'm wrong > > please correct me. > > I didn't understand what's wrong with throwing away the result of > the second skb_peek(). My concern is that you stated earlier that you needed to do the second skb_peek() because the first skb may have been removed from the socket queue while your LSM was making an access decision in security_post_recv_datagram(). If that is the case then the second call to skb_peek() will return a different skb then the one you passed to security_post_recv_datagram(). This is significant because you always throw away this second skb without first consulting the LSM via security_post_recv_datagram(). -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
