SELinux Mailing List
Re: [PATCH] SELinux: Use unknown perm handling to handle unknown netlink msg types
From: Paul Moore <paul.moore_at_hp.com>
Date: Wed, 5 Nov 2008 11:38:59 -0500

What about moving the security_get_allow_unknown() call to the default switch clause of selinux_nlmsg_lookup()? Something like this:

	/* No messaging from userspace, or class unknown/unhandled */
	default:
		if (!security_get_allow_unknown())
			err = -ENOENT;
		break;

This seems like a more natural fit to me (although maybe the audit message should be moved to selinux_nlmsg_lookup() too?) and it has the benefit of still checking the socket permissions via socket_has_perm() in the event that the netlink message is unknown.

--
paul moore
linux @ hp

Received on Wed 5 Nov 2008 - 11:39:04 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |