intercepting system calls

From: David Wagner (dawat_private)
Date: Thu Apr 12 2001 - 18:07:59 PDT

  • Next message: David Wagner: "Specifications (the beginning)"

    Jesse Pollard  wrote:
    >have to mediate mmap too.
    
    Why?  In Janus, we pushed all these checks to open().
    [For instance, mmap() won't lead you write to a file opened read-only.]
    
    Probably I'm overlooking something.  I'd love to be enlightened.
    
    >Part of the difficulty is in determining what is/should be part of the
    >security context.
    
    Why?  This should be up to the module to decide for itself what
    is relevant to its particular policy.  What am I missinng?
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:27 PDT