linux-security-module November 2007 archive

[PATCH 0/2] getsecurity/vfs_getxattr cleanup V2

From: David P. Quigley <dpquigl_at_nospam>
Date: Thu Nov 01 2007 - 14:35:04 GMT
To: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, jmorris@namei.org, sds@tycho.nsa.gov, serue@us.ibm.com, akpm@linux-foundation.org


This patch series addresses two concerns. Currently, when a developer wishes to obtain a security blob from the LSM, he/she has to guess at the length of the blob being returned. We modify security_inode_getsecurity to return an appropriately sized buffer populated with the security information and the length of that buffer. This is similar to the approach taken by Al Viro for the security_getprocattr hook.

The second concern that this patch set addresses is that vfs_getxattr reads the security xattr using inode_getxattr and then proceeds to clobber it with a subsequent call to the LSM. This is fixed by reordering vfs_getxattr.

The difference between this patch and version one can be seen in two places. As per James Morris's suggestion, function declarations that were split into multiple lines because they were larger than 80 characters in length have been merged into one line. Second, as per Serge's comments, security_inode_getsecurity and the LSM hook inode_getsecurity take a bool to indicate if the function should allocate the buffer and return the length or just return the length.

This patch should apply on top of 2.6.24-rc1 and will definitely apply on git commit hash ec3b67c11df42362ccda81261d62829042f223f0.

If all concerns have been addressed I would propose the patches be added into -mm.
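
The calling convention described in the message above, sketched as a userspace model. This is an added example, not part of the original post or of the patches: every `demo_*` name is hypothetical and the label string is a constructed sample.

```c
/* Userspace model of the convention in the cover letter; not kernel code.
 * All demo_* names are hypothetical, invented for this illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample label standing in for an LSM security blob. */
static const char demo_label[] = "system_u:object_r:demo_file_t:s0";

/* Old style: the caller supplies a buffer and has to guess its size. */
int demo_getsecurity_old(void *buf, size_t size)
{
    if (size < sizeof(demo_label))
        return -ERANGE;      /* guess too small: nothing is copied */
    memcpy(buf, demo_label, sizeof(demo_label));
    return (int)sizeof(demo_label);
}

/* New style: the hook knows the size. With alloc == false it only
 * reports the length; with alloc == true it also returns a freshly
 * allocated, correctly sized copy that the caller must free. */
int demo_getsecurity(void **buffer, bool alloc)
{
    if (alloc) {
        void *p = malloc(sizeof(demo_label));
        if (!p)
            return -ENOMEM;
        memcpy(p, demo_label, sizeof(demo_label));
        *buffer = p;
    }
    return (int)sizeof(demo_label);
}

int main(void)
{
    char guess[16];
    void *blob = NULL;

    printf("old, 16-byte guess: %d\n", demo_getsecurity_old(guess, sizeof(guess)));
    printf("new, length only:   %d\n", demo_getsecurity(NULL, false));
    int len = demo_getsecurity(&blob, true);
    if (len < 0)
        return 1;
    printf("new, allocated:     %d bytes \"%s\"\n", len, (char *)blob);
    free(blob);              /* the caller owns and releases the buffer */
    return 0;
}
```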
