| To: | Stephen Smalley <sds@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [RFC][PATCH 1/3] netlink check sender |
| From: | Chris Wright <chrisw@xxxxxxxx> |
| Date: | Mon, 14 Feb 2005 16:22:01 -0800 |
| Cc: | Chris Wright <chrisw@xxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, James Morris <jmorris@xxxxxxxxxx>, "Serge E. Hallyn" <serue@xxxxxxxxxx> |
| In-reply-to: | <1108386320.15437.22.camel@moss-spartans.epoch.ncsc.mil> |
| References: | <20050212010109.V24171@build.pdx.osdl.net> <20050212010243.W24171@build.pdx.osdl.net> <1108385999.15437.18.camel@moss-spartans.epoch.ncsc.mil> <1108386320.15437.22.camel@moss-spartans.epoch.ncsc.mil> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.5.6i |

* Stephen Smalley (sds@xxxxxxxxxxxxx) wrote:
> On Mon, 2005-02-14 at 07:59, Stephen Smalley wrote:
> > printk() is a leftover from debugging, I assume.
> > Why place the check_sender() call here vs. just replacing the existing
> > security_netlink_send() call in netlink_sendmsg() with this new call?
>
> Sorry, replacing security_netlink_send() would be bad (for SELinux
> checking), but I'm not clear on why you don't put the check_sender()
> call right after it in netlink_sendmsg() so that you ensure that you
> have complete coverage (vs. unicast-specific).

The receiver hasn't been looked up, so you don't have the
nlk_sk()->check_sender handy yet.

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net