Re: intercepting system calls

From: David Wagner (dawat_private)
Date: Fri Apr 13 2001 - 15:45:04 PDT


    Greg KH  wrote:
    >On Fri, Apr 13, 2001 at 12:59:52AM +0000, David Wagner wrote:
    >> >Quick answer:  processes share file
    >> >descriptors, so you also have to mediate read and write.
    >> 
    >> I'm sorry, could you explain further?  I didn't follow.
    >
    >A program gets a file descriptor and then forks().  The child process
    >then uses the file descriptor created by the parent.
    
    What's the problem?
    
    Could you give me a concrete example of a policy where this matters?
    If we have to go to some lengths to support mediating read and write,
    do you think this is justified?  I could be convinced, but on what I've
    seen so far, I'm skeptical.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
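
Added example (not part of the original message or of the LSM project's code): a C illustration of the descriptor sharing described in the quoted text above. Only the parent opens the file; the child reads through the inherited descriptor, continuing from the parent's offset, so a check placed only at open time never runs for the child. The helper name `child_read_inherited`, the temp-file template and the sample data are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data standing in for a file the parent may open. */
static const char SAMPLE[] = "parent-only data";

/* Hypothetical helper: the parent opens a file, consumes `skip` bytes, forks.
 * The child never calls open(); it reads via the inherited descriptor and
 * pipes the bytes back. Returns the child's byte count (data in out) or -1. */
int child_read_inherited(size_t skip, char *out, size_t outlen)
{
    char path[] = "/tmp/fdshareXXXXXX", tmp[64];
    int p[2], status;
    size_t len = sizeof SAMPLE - 1;
    if (skip > len || outlen < 2) return -1;
    int fd = mkstemp(path);               /* the only open in the program */
    if (fd < 0) return -1;
    unlink(path);                         /* no name left to re-open */
    if (write(fd, SAMPLE, len) != (ssize_t)len || lseek(fd, 0, SEEK_SET) != 0 ||
        read(fd, tmp, skip) != (ssize_t)skip || pipe(p) != 0) {
        close(fd);
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) { close(fd); close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                       /* child: no open() of its own */
        close(p[0]);
        ssize_t n = read(fd, tmp, sizeof tmp);   /* continues at parent's offset */
        if (n > 0 && write(p[1], tmp, (size_t)n) != n) _exit(2);
        _exit(n < 0);
    }
    close(p[1]);
    ssize_t n = read(p[0], out, outlen - 1);
    close(p[0]); close(fd);
    waitpid(pid, &status, 0);
    if (n < 0) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char buf[64];
    int n = child_read_inherited(7, buf, sizeof buf);
    printf("child read %d bytes via inherited fd: \"%s\"\n", n, n < 0 ? "" : buf);
    return n < 0;
}
```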
    


