Security modules and ioctl()

Posted Feb 21, 2011 13:21 UTC (Mon) by jthill (subscriber, #56558)
Parent article: Security modules and ioctl()

How does the 2005 patch force anything at all? The ioctl entrypoints drive all the checking themselves, no matter what it seems -- ioctl_perm() is just a linear search, you'd express it directly in C++ with plain find().

It looks like the mistake with the DIR bits was made immediately when the earlier patch was proposed, and the resulting bad patch was just Smalley taking somebody's word for it on what those bits mean.

Aren't ioctl numbers part of the userland ABI, set permanently? If so, how is drift a concern here?
