* James Morris <[EMAIL PROTECTED]> 2006-05-31 11:42
> On Wed, 31 May 2006, jamal wrote:
>
> > To also answer your other email:
> > Look at security/selinux/nlmsgtab.c for example for NETLINK_ROUTE
> > and compare with NETLINK_GENERIC to see the hole. I was suggesting if
> > we started by just adding checks for NETLINK_GENERIC first in those
> > tables (currently lacking), that would be a good start.
>
> They're currently mediated as a generic netlink socket type at a higher
> level: they're not unmediated, just not fine grained enough to know what
> kind of message is being sent.
It shouldn't be hard to split what is implemented in nlmsg_route_perms[]
for NETLINK_ROUTE into the definitions of the generic netlink operations,
could look like this:

struct genl_ops some_op = {
	[...]
	.perm	= NETLINK_GENERIC_SOCKET__NLMSG_READ,
};

/* Map (family id, command) to the permission recorded in the
 * operation definition; unknown family or command is an error. */
int genl_lookup_perm(u16 nlmsg_type, u8 cmd)
{
	struct genl_family *family;
	struct genl_ops *ops;

	family = genl_family_find_byid(nlmsg_type);
	if (family == NULL)
		return -ENOENT;
	ops = genl_get_cmd(cmd, family);
	if (ops == NULL)
		return -EOPNOTSUPP;
	return ops->perm;
}

/* Read the generic netlink command only after checking that the
 * genlmsghdr actually fits inside the message. */
int genl_peek_cmd(struct nlmsghdr *nlh)
{
	struct genlmsghdr *hdr = nlmsg_data(nlh);

	if (nlh->nlmsg_len < nlmsg_msg_size(GENL_HDRLEN))
		return -EINVAL;
	return hdr->cmd;
}

selinux_lookup() must take struct nlmsghdr as an additional argument

	case SECCLASS_NETLINK_GENERIC_SOCKET:
		cmd = genl_peek_cmd(nlh);
		if (cmd < 0)
			return cmd;
		err = genl_lookup_perm(nlmsg_type, cmd);
		if (err < 0)
			return err;
		*perm = err;
		break;
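The header check and per-command lookup sketched above, as an added userspace model that is not the mail's or the kernel's code: the struct layouts mirror nlmsghdr/genlmsghdr, while the family id, commands, permission values and the genl_ops table are constructed stand-ins; a message whose nlmsg_len cannot hold the generic netlink header, or whose (family, cmd) pair has no entry, yields no permission.

```c
/* Added example, not code from the mail or the kernel: a userspace model of
 * the proposed per-command permission lookup for NETLINK_GENERIC. The structs
 * mirror nlmsghdr/genlmsghdr; family ids, commands and permission values are
 * constructed stand-ins used only to drive the logic. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type; uint16_t nlmsg_flags;
                  uint32_t nlmsg_seq; uint32_t nlmsg_pid; };
struct genlmsghdr { uint8_t cmd; uint8_t version; uint16_t reserved; };
#define NLMSG_READ  0x01   /* constructed stand-ins for SELinux permissions */
#define NLMSG_WRITE 0x02
/* Constructed (family id, cmd) -> permission table, i.e. the proposed .perm. */
static const struct { uint16_t family; uint8_t cmd; int perm; } genl_ops[] = {
    { 0x10, 1, NLMSG_READ  },
    { 0x10, 2, NLMSG_WRITE },
};
/* genl_peek_cmd(): only read cmd once both headers are known to be present. */
int genl_peek_cmd(const unsigned char *buf, size_t buflen)
{
    struct nlmsghdr nlh;
    struct genlmsghdr gh;
    if (buflen < sizeof nlh) return -1;
    memcpy(&nlh, buf, sizeof nlh);
    if (nlh.nlmsg_len > buflen || nlh.nlmsg_len < sizeof nlh + sizeof gh)
        return -1;                          /* -EINVAL in the kernel */
    memcpy(&gh, buf + sizeof nlh, sizeof gh);
    return gh.cmd;
}
/* genl_lookup_perm(): an unknown family or cmd yields no permission (deny). */
int genl_lookup_perm(uint16_t family, int cmd)
{
    for (size_t i = 0; i < sizeof genl_ops / sizeof genl_ops[0]; i++)
        if (genl_ops[i].family == family && genl_ops[i].cmd == cmd)
            return genl_ops[i].perm;
    return -1;
}
/* Builds a message from the given header fields (buflen bytes are handed to
 * the hook) and returns the permission to check, or -1 to reject it. */
int genl_perm_for(uint32_t nlmsg_len, uint16_t type, uint8_t cmd, size_t buflen)
{
    unsigned char buf[64] = {0};
    struct nlmsghdr nlh = { .nlmsg_len = nlmsg_len, .nlmsg_type = type };
    struct genlmsghdr gh = { .cmd = cmd };
    memcpy(buf, &nlh, sizeof nlh);
    memcpy(buf + sizeof nlh, &gh, sizeof gh);
    int c = genl_peek_cmd(buf, buflen < sizeof buf ? buflen : sizeof buf);
    return c < 0 ? -1 : genl_lookup_perm(type, c);
}
```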