next up previous
Next: File System Hooks Up: LSM Interface Previous: Task Hooks


Program Loading Hooks

The linux_binprm structure represents a new program being loaded during an execve(2). LSM provides a set of program loading hooks, binprm_security_ops, to manage the process of loading new programs. Many security models, including Linux capabilities, require the ability to change privileges when a new program is executed. Consequently, these LSM hooks are called at critical points during program loading to verify a task's ability to load a new program and update the task's security field.

LSM adds a security field to the linux_binprm structure. At the beginning of an execve(2) after the new program file is opened, the alloc_security() program loading hook is called to allocate the security field. The set_security() hook is used to save security information in the linux_binprm security field. This hook may be called multiple times during a single execve(2) to accommodate interpreters. Either of these program loading hooks can be used to deny program execution.

In the final stages of program loading, the compute_creds() program loading hook is called to set the new security attributes of a task being transformed by execve(2). Typically, this hook will calculate the task's new credentials based on both its old credentials and the security information stored in the linux_binprm security field. Once the new program is loaded, the kernel releases the linux_binprm security field by calling the free_security() program loading hook.


next up previous
Next: File System Hooks Up: LSM Interface Previous: Task Hooks
James Morris
2002-07-09