* Michael S. Tsirkin ([EMAIL PROTECTED]) wrote:
> Hi!
> Security hook seems to be missing before compat_ioctl in mm2.
> And, it would be nice to avoid calling it twice on some paths.
>
> Chris Wright's patch addressed this in the most elegant way I think,
> by adding vfs_ioctl.
>
> Accordingly, this change:
>
> @@ -468,6 +496,11 @@ asmlinkage long compat_sys_ioctl(unsigne
>
> found_handler:
> if (t->handler) {
> + /* RED-PEN how should LSM module know it's handling 32bit? */
> + error = security_file_ioctl(filp, cmd, arg);
> + if (error)
> + goto out_fput;
> +
> lock_kernel();
> error = t->handler(fd, cmd, arg, filp);
> unlock_kernel();
>
> from Andy's "some fixes" patch wont be needed.
>
> Chris - are you planning to update your patch to -rc1-mm2?
> I'd like to see this addressed, after this I believe logically
> we'll get everything right, then I have a couple of small
> cosmetic patches, and I believe we'll be set.
Yes, Andrew asked me to wait until mm2 came out, so I'll rediff and send
shortly.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
