[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



Quoting Chris Wright (chrisw osdl org):
> > Shouldn't this function return -EPERM in the default case, not the
> > msgtype?
> 
> Should be -EINVAL according to original code.

Ok.

> I really dislike duplicating code.  I agree it should be put in a
> central location.  Does it really need to be broken out into the
> security framework?  Why not place it in audit itself?
> 
> Just a simple helper:
> 
> int audit_netlink_ok(struct nlmsghdr *nlh)
> {
> 	int err = -EINVAL;
> 
> 	if (audit_bad_header(nlh))
> 		goto out;
> 
> 	err = 0;
> 	switch() {
> 		ok:
> 			break;
> 		capable:
> 			if (!capable())
> 				err = -EPERM;
> 			break;
> 		default:
> 			err = -EINVAL;
> 			break;
> 	}
> out:
> 	return err;
> }

The problem with this is that audit admin != sysadmin, so we
instantly preventing linux from achieving, say, MRMLOSPP.  But
if we just replace "if (!capable()) err = -EPERM" with a new
lsm hook, then we can still consolidate some of the code in
audit_netlink_ok(nlh).

thoughts?

thanks,
-serge


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]