[redhat-lspp] security context in audit records (audit.39 kernel)
Stephen Smalley
sds at tycho.nsa.gov
Wed May 18 20:18:46 UTC 2005
On Tue, 2005-05-17 at 15:17 -0500, Daniel H. Jones wrote:
> diff -ruN kernel-2.6.9/linux-2.6.9/ipc/msg.c kernel-2.6.9-5.0.3.EL.audit.39/linux-2.6.9/ipc/msg.c
> --- kernel-2.6.9/linux-2.6.9/ipc/msg.c 2005-05-17 09:26:54.000000000 -0500
> +++ kernel-2.6.9-5.0.3.EL.audit.39/linux-2.6.9/ipc/msg.c 2005-05-17 10:52:19.000000000 -0500
> @@ -440,6 +440,13 @@
> if (msq == NULL)
> goto out_up;
>
> + ipcp = &msq->q_perm;
> +
> + if (cmd == IPC_SET) {
> + if ((err = audit_ipc_security_context(ipcp)))
> + goto out_unlock_up;
> + }
> +
> err = -EIDRM;
> if (msg_checkid(msq,msqid))
> goto out_unlock_up;
I don't think that this hook placement (or similar ones for the other
IPC objects) is safe - the allocation of the context may sleep, but the
IPC code is holding a spinlock on the IPC object. Make sure you have
sleep-inside-spinlock checking enabled under Kernel hacking in your
kernel configuration.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list