From: Eric Paris <[EMAIL PROTECTED]>
Date: Fri, 02 Mar 2007 13:29:50 -0500
> The security hooks to check permissions to remove an xfrm_policy were
> actually done after the policy was removed. Since the unlinking and
> deletion are done in xfrm_policy_by* functions this moves the hooks
> inside t
On Fri, 2 Mar 2007, Eric Paris wrote:
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: James Morris <[EMAIL PROTECTED]>
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
> On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
>
> > >
> > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> > Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
>
> What about your previous comment:
>
> "I guess you meant to do this here?
>
> else if (err)
> return err; "
I saw that this was taken care of in patch-2 for t
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
> >
> > Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
> Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
What about your previous comment:
"I guess you meant to do this here?
else if (err)
return err; "
--
James Morris
<[E
>
> Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: Venkat Yekkirala <[EMAIL PROTECTED]>
> Also, [Joy cc'd] deletions here needn't be audited?
OK, I see the next patch addressed this :)
> @@ -2552,7 +2550,7 @@ static int pfkey_spdget(struct sock
> *sk, struct sk_buff *skb, struct sadb_msg *h
> return -EINVAL;
>
> xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir,
> pol->sadb_x_policy_id,
> - hdr->sadb_msg_type == SADB_X_SPDDELETE2);
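Review bot: at the xfrm_policy_byid call in pfkey_spdget, a NULL xp can mean either "no such policy" or "delete denied" if the permission check now runs inside the lookup, so the call needs an error out-parameter that is tested and returned before the not-found handling. The line that replaces `- hdr->sadb_msg_type == SADB_X_SPDDELETE2);` is cut off in this quote, so confirm it carries that parameter, and consider a short comment at the call site noting that the check applies only when the delete condition is true.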
The security hooks to check permissions to remove an xfrm_policy were
actually done after the policy was removed. Since the unlinking and
deletion are done in xfrm_policy_by* functions this moves the hooks
inside those 2 functions. There we have all the information needed to
do the security check
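The ordering problem the patch description above reports, as an added example that is not part of the original thread or the kernel patch: a constructed user-space list in which `policy_byid`, `may_delete` and the `labelled` field are hypothetical stand-ins. It contrasts checking after the unlink with checking before it and returning the error to the caller.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed user-space model; every name here is hypothetical, not kernel
 * code. "labelled" stands in for a security context that denies deletion. */
struct policy { int id; int labelled; struct policy *next; };
/* Hypothetical permission hook: deleting a labelled policy is refused. */
static int may_delete(const struct policy *p) { return p->labelled ? -EPERM : 0; }

/* Find a policy by id; when del is nonzero, also unlink it from the list. */
static struct policy *policy_byid(struct policy **head, int id, int del)
{
    for (struct policy **pp = head; *pp; pp = &(*pp)->next) {
        if ((*pp)->id != id)
            continue;
        struct policy *p = *pp;
        if (del)
            *pp = p->next;
        return p;
    }
    return NULL;
}

/* Ordering the patch description reports: unlink first, check afterwards. */
static int delete_check_after(struct policy **head, int id)
{
    struct policy *p = policy_byid(head, id, 1);
    return p ? may_delete(p) : -ENOENT;   /* a denial here comes too late */
}

/* Check while the policy is still linked; unlink only when permitted. */
static int delete_check_before(struct policy **head, int id)
{
    struct policy *p = policy_byid(head, id, 0);
    int err = p ? may_delete(p) : -ENOENT;
    if (err)
        return err;                       /* the list is left untouched */
    policy_byid(head, id, 1);
    return 0;
}

int main(void)
{
    struct policy b = {2, 1, NULL}, a = {1, 0, &b}, *head = &a;
    int late = delete_check_after(&head, 2), gone = (a.next == NULL);
    a.next = &b;                          /* relink b for the second run */
    int early = delete_check_before(&head, 2);
    return !(late == -EPERM && gone && early == -EPERM && a.next == &b);
}
```

Both variants return `-EPERM` for the labelled policy; only the second leaves it on the list.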