| To: | Chris Wright <chrisw@xxxxxxxx> |
|---|---|
| Subject: | Re: [RFC][PATCH 1/3] netlink check sender |
| From: | Stephen Smalley <sds@xxxxxxxxxxxxxx> |
| Date: | Mon, 14 Feb 2005 07:59:59 -0500 |
| Cc: | netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, James Morris <jmorris@xxxxxxxxxx>, "Serge E. Hallyn" <serue@xxxxxxxxxx> |
| In-reply-to: | <20050212010243.W24171@xxxxxxxxxxxxxxxxxx> |
| Organization: | National Security Agency |
| References: | <20050212010109.V24171@xxxxxxxxxxxxxxxxxx> <20050212010243.W24171@xxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Sat, 2005-02-12 at 04:02, Chris Wright wrote:
> ===== net/netlink/af_netlink.c 1.69 vs edited =====
> --- 1.69/net/netlink/af_netlink.c 2005-01-21 12:25:32 -08:00
> +++ edited/net/netlink/af_netlink.c 2005-02-11 18:05:59 -08:00
> int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol)
> {
> struct netlink_opt *nlk;
> - int len = skb->len;
> -
> + int err, len = skb->len;
> +
> nlk = nlk_sk(sk);
> +
> + printk("%s: %s(%d) send_check %p\n", __FUNCTION__, current->comm,
> current->pid, nlk->check_sender);
> + if (nlk->check_sender)
> + if ((err = nlk->check_sender(skb))) {
> + netlink_detachskb(sk, skb);
> + return err;
> + }
> +
printk() is a leftover from debugging, I assume.
Why place the check_sender() call here vs. just replacing the existing
security_netlink_send() call in netlink_sendmsg() with this new call?
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: IP More Fragements bit problem., Vincent Roqueta |
|---|---|
| Next by Date: | Re: [RFC][PATCH 1/3] netlink check sender, Stephen Smalley |
| Previous by Thread: | Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright |
| Next by Thread: | Re: [RFC][PATCH 1/3] netlink check sender, Stephen Smalley |
| Indexes: | [Date] [Thread] [Top] [All Lists] |