* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> On Sat, 2005-02-12 at 04:02, Chris Wright wrote:
> > ===== net/netlink/af_netlink.c 1.69 vs edited =====
> > --- 1.69/net/netlink/af_netlink.c 2005-01-21 12:25:32 -08:00
> > +++ edited/net/netlink/af_netlink.c 2005-02-11 18:05:59 -08:00
> > int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol)
> > {
> > struct netlink_opt *nlk;
> > - int len = skb->len;
> > -
> > + int err, len = skb->len;
> > +
> > nlk = nlk_sk(sk);
> > +
> > + printk("%s: %s(%d) send_check %p\n", __FUNCTION__, current->comm,
> > current->pid, nlk->check_sender);
> > + if (nlk->check_sender)
> > + if ((err = nlk->check_sender(skb))) {
> > + netlink_detachskb(sk, skb);
> > + return err;
> > + }
> > +
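Review bot: the printk added at the top of this block runs unconditionally on every netlink_sendskb() call, has no KERN_ log level, and writes the check_sender function pointer to the log with %p; it should be dropped before this goes beyond RFC. The outer `if (nlk->check_sender)` also wraps a multi-line inner `if` without braces, and the inner one assigns inside its condition; bracing the outer `if` and splitting the call into `err = nlk->check_sender(skb);` followed by `if (err) {` would make the deny path (netlink_detachskb() then return err) harder to break in a later edit. A short comment on what a non-zero return from check_sender means to the caller would help, since the hunk returns it directly.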
>
> printk() is a leftover from debugging, I assume.
Heh, yeah, just leftover garbage.
> Why place the check_sender() call here vs. just replacing the existing
> security_netlink_send() call in netlink_sendmsg() with this new call?
That's fine, however it needs to be this late, to get the receiver looked up.
I think the sk would change in _send hook, so for RFC, I just left them
separate. Ideal would be complete consolidation.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net