[redhat-lspp] Re: Deleting xfrms
Stephen Smalley
sds at tycho.nsa.gov
Tue Feb 13 12:57:03 UTC 2007
On Tue, 2007-02-13 at 07:39 -0500, Stephen Smalley wrote:
> On Mon, 2007-02-12 at 17:39 -0600, Joy Latten wrote:
> > I was looking at a patch D.Miller posted for xfrm_audit_log()
> > and could not help but notice that in pfkey_spddelete() and
> > xfrm_get_policy() we delete policy first and then check to see if we
> > have permissions to. Am I missing the original intentions or
> > is this incorrect? Shouldn't it be check the permissions first and then
> > call xfrm_policy_bysel_ctx()?
>
> IIUC, the security_xfrm_policy_free call is just freeing the temporary
> object created from the user context in order to perform the lookup of
> the xp. The permission check occurs upon security_xfrm_policy_delete,
> and the actual deletion of the policy occurs upon xfrm_pol_put ->
> __xfrm_policy_destroy. pfkey_spddelete() does look wrong, since it
> always calls xfrm_pol_put on the out path, whereas xfrm_get_policy()
> jumps over the xfrm_pol_put() call upon an error from
> security_xfrm_policy_delete().
Ah, sorry - I see what you mean now. xfrm_policy_bysel_ctx() does
appear to unlink the policy and kill it, so it looks like you are
correct - the security_xfrm_policy_delete() hook is being called too
late.
--
Stephen Smalley
National Security Agency
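
Added example, not part of the original message and not kernel code: a single-threaded toy model of the ordering problem discussed above, where a lookup that unlinks as a side effect runs before the delete permission check. All `toy_*` and `delete_check_*` names, the table contents and the owner-only rule are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Toy model, not kernel code: every name here is hypothetical. */
struct toy_policy { int id; int owner; int linked; };

/* Constructed sample policy table. */
static struct toy_policy table[] = { {1, 100, 1}, {2, 200, 1} };
#define NPOL (sizeof(table) / sizeof(table[0]))

void toy_reset(void) { for (size_t i = 0; i < NPOL; i++) table[i].linked = 1; }

/* Lookup by id; when del is non-zero the entry is unlinked as a side effect,
 * the behaviour the thread attributes to xfrm_policy_bysel_ctx(). */
struct toy_policy *toy_bysel(int id, int del)
{
    for (size_t i = 0; i < NPOL; i++)
        if (table[i].id == id && table[i].linked) {
            if (del) table[i].linked = 0;
            return &table[i];
        }
    return NULL;
}

/* Stand-in for the delete permission hook: only the owner may delete. */
int toy_may_delete(int caller, const struct toy_policy *p)
{
    return caller == p->owner ? 0 : -EPERM;
}

int toy_is_linked(int id) { return toy_bysel(id, 0) != NULL; }

/* Ordering reported in the thread: unlink first, check afterwards. */
int delete_check_late(int caller, int id)
{
    struct toy_policy *p = toy_bysel(id, 1);
    if (!p) return -ENOENT;
    return toy_may_delete(caller, p);   /* denial arrives after the unlink */
}

/* Corrected ordering: look up without deleting, check, then unlink. */
int delete_check_first(int caller, int id)
{
    struct toy_policy *p = toy_bysel(id, 0);
    if (!p) return -ENOENT;
    int err = toy_may_delete(caller, p);
    if (err) return err;                /* denied: policy stays linked */
    p->linked = 0;
    return 0;
}
```

In the late-check variant the caller receives `-EPERM` yet the policy is already gone, so the denial is not enforced. Real code would also need to hold a lock or reference between the lookup and the unlink, which this model omits.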