

IPC Hooks

Security modules can manage security information and perform access control for System V IPC using the LSM IPC hooks. The IPC object data structures share a common substructure, kern_ipc_perm, and only a pointer to this substructure is passed to the existing ipcperms function for checking permissions. Hence, LSM adds a security field to this shared substructure. To support security information for individual messages, LSM also adds a security field to the msg_msg structure.

LSM inserts a hook into the existing ipcperms function so that a security module can perform a check for each existing Linux IPC permission check. However, since these checks are not sufficient for some security modules, LSM also inserts hooks into the individual IPC operations. These hooks provide more detailed information about the type of operation and the specific arguments. They also support fine-grained control over individual messages sent via System V message queues.
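The following user-space model is an added example, not code from the LSM patch or the kernel. It shows the two layers described above: the generic hook inside ipcperms, and an operation-specific hook that can inspect an individual message. The hook names, the extra uid parameter, the integer labels and the toy policy are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model: every field except 'security' is simplified. */
struct kern_ipc_perm { unsigned uid; unsigned short mode; void *security; };
struct msg_msg { long m_type; void *security; };

/* Hypothetical hook table standing in for the LSM IPC hooks. */
struct ipc_hooks {
    int (*ipc_permission)(struct kern_ipc_perm *ipcp, int flag);
    int (*msg_queue_msgsnd)(struct kern_ipc_perm *q, struct msg_msg *msg);
};

/* Toy module policy: labels are integers. A task may use IPC objects at
 * or below its own level, and a message must carry its queue's label. */
static int task_level;
static int toy_ipc_permission(struct kern_ipc_perm *ipcp, int flag) {
    int *label = ipcp->security;
    (void)flag;
    return (label && *label > task_level) ? -EACCES : 0;
}
static int toy_msgsnd(struct kern_ipc_perm *q, struct msg_msg *msg) {
    int *ql = q->security, *ml = msg->security;
    return (ql && ml && *ql != *ml) ? -EACCES : 0;
}
static struct ipc_hooks hooks = { toy_ipc_permission, toy_msgsnd };

/* Generic check: simplified DAC on the mode bits, then the module hook. */
int ipcperms(unsigned uid, struct kern_ipc_perm *ipcp, int flag) {
    int granted = (uid == ipcp->uid) ? ipcp->mode >> 6 : ipcp->mode;
    if (flag & ~granted & 07)
        return -EACCES;
    return hooks.ipc_permission(ipcp, flag);
}

/* Operation-specific hook: sees the message itself, not only the queue. */
int do_msgsnd(unsigned uid, struct kern_ipc_perm *q, struct msg_msg *msg) {
    int err = ipcperms(uid, q, 02);   /* 02 = write access */
    return err ? err : hooks.msg_queue_msgsnd(q, msg);
}

/* Constructed scenario: the owner sends one message to a mode-0666 queue. */
int demo(int level, int queue_label, int msg_label) {
    int ql = queue_label, ml = msg_label;
    struct kern_ipc_perm q = { 1000, 0666, &ql };
    struct msg_msg m = { 1, &ml };
    task_level = level;
    return do_msgsnd(1000, &q, &m);
}
```

With the queue mode at 0666 the DAC check always passes, so any denial returned by demo comes from the module's labels stored in the two security fields.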



Chris Wright 2002-05-13