1. 14 Feb, 2010 3 commits
  2. 26 Jan, 2010 1 commit
  3. 10 Jan, 2010 2 commits
  4. 15 Dec, 2009 1 commit
  5. 09 Dec, 2009 1 commit
  6. 20 Nov, 2009 1 commit
  7. 29 Oct, 2009 1 commit
  8. 08 Jun, 2009 1 commit
  9. 02 Jun, 2009 1 commit
  10. 09 May, 2009 1 commit
  11. 13 Apr, 2009 1 commit
  12. 01 Apr, 2009 1 commit
  13. 22 Feb, 2009 1 commit
  14. 12 Feb, 2009 1 commit
    • Kentaro Takeda's avatar
      Memory and pathname management functions. · c73bd6d4
      Kentaro Takeda authored
      
      
      TOMOYO Linux performs pathname based access control.
      To remove factors that make pathname based access control difficult
      (e.g. symbolic links, "..", "//" etc.), TOMOYO Linux derives realpath
      of requested pathname from "struct dentry" and "struct vfsmount".
      
      The maximum length of string data is limited to 4000 including trailing '\0'.
      Since TOMOYO Linux uses '\ooo' style representation for non ASCII printable
      characters, maybe TOMOYO Linux should be able to support 16336 (which means
      (NAME_MAX * (PATH_MAX / (NAME_MAX + 1)) * 4 + (PATH_MAX / (NAME_MAX + 1)))
      including trailing '\0'), but I think 4000 is enough for practical use.
      
      TOMOYO uses only 0x21 - 0x7E (as printable characters) and 0x20 (as word
      delimiter) and 0x0A (as line delimiter).
      0x01 - 0x20 and 0x80 - 0xFF is handled in \ooo style representation.
      The reason to use \ooo is to guarantee that "%s" won't damage logs.
      Userland program can request
      
       open("/tmp/file granted.\nAccess /tmp/file ", O_WRONLY | O_CREAT, 0600)
      
      and logging such crazy pathname using "Access %s denied.\n" format will cause
      "fabrication of logs" like
      
       Access /tmp/file granted.
       Access /tmp/file denied.
      
      TOMOYO converts such characters to \ooo so that the logs will become
      
       Access /tmp/file\040granted.\012Access\040/tmp/file denied.
      
      and the administrator can read the logs safely using /bin/cat .
      Likewise, a crazy request like
      
       open("/tmp/\x01\x02\x03\x04\x05\x06\x07\x08\x09", O_WRONLY | O_CREAT, 0600)
      
      will be processed safely by converting to
      
       Access /tmp/\001\002\003\004\005\006\007\010\011 denied.
      Signed-off-by: default avatarKentaro Takeda <takedakn@nttdata.co.jp>
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarToshiharu Harada <haradats@nttdata.co.jp>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      c73bd6d4