ipc_id: The ipc_id data structure describes the security credentials of an IPC resource with the
p field, which is a pointer to the credential structure of the resource.
kern_ipc_perm: The kern_ipc_perm data structure is a credential structure for an IPC
resource with fields such as key, uid, gid, cuid, cgid, mode, seq, and security. uid and cuid represent
the owner and creator user ID. gid and cgid represent the owner and creator group ID. The mode
field represents the permission bit mask and the seq field identifies the slot usage sequence number.
The security field is a pointer to a structure that is not used by the SLES kernel.
5.3.3.2 Common functions
Common security-relevant functions are ipc_alloc() and ipcperms().
5.3.3.2.1 ipc_alloc()
The ipc_alloc() function is invoked from the initialization functions of all three IPC resources to allocate
storage space for respective arrays of IPC resource descriptors of the IPC resource. The ipc_ids data
structure field entries point to the IPC resource descriptors. Depending on the size, computed from the
maximum number of IPC resources, ipc_alloc() invokes either kmalloc() with the GFP_KERNEL
flag, or vmalloc(). There are no object reuse issues, because in both cases the memory allocated is in the
kernel buffer and the kernel uses the memory for the kernel’s internal purposes.
5.3.3.2.2 ipcperms()
The ipcperms() function is called when a process attempts to access an IPC resource. ipcperms()
enforces the DAC policy. Discretionary access to the IPC resource is granted based on the same logic as that
of regular files, using the owner, group, and access mode of the object. The only difference is that the owner
and creator of the IPC resource are treated equivalently, and the execute permission flag is not used.
5.3.3.3 Message queues
Important data structures for message queues are msg_queue, which describes the structure of a message
queue, and msg_msg, which describes the structure of the message. Important functions for message queues
are msgget(), msgsnd(), msgrcv(), and msgctl(). Once marked for deletion, no further operation
on a message queue is possible.
5.3.3.3.1 msg_queue
This structure describes the format of a message queue with fields such as q_perm, which points to the
kern_ipc_perm data structure; q_stime, which contains the time of the last msgsnd(); q_qcbytes,
which contains the number of bytes in queue q, and, qnum, which contains the number of messages in a
queue.
5.3.3.3.2 msg_msg
This structure describes the format of a message with fields such as m_type, which specifies the message
type; m_ts, which specifies message text size; m_list, which points to the message list; and, next, which
points to msg_msgseg corresponding to the next page frame containing the message.
65