Re: intercepting system calls

From: Tim lawless (lawlessat_private)
Date: Sat Apr 14 2001 - 12:16:47 PDT

  • Next message: Crispin Cowan: "Re: Specifications (the beginning)"

    On Sat, 14 Apr 2001, Crispin Cowan wrote:
    
    > David Wagner wrote:
    >
    > > Seth Arnold  wrote:
    > > >What would happen to the security_state field in the task_struct for
    > > >processes already running before the module is loaded? Would the module,
    > > >during load, iterate through all processes and update their security
    > > >pointers? Would the module, during unload (is unloading something we
    > > >really want to support? :), iterate through all processes and return the
    > > >security handler information a null or default state?
    > >
    > > I would propose to let this be module specific.
    > >
    > > If the module wants to know about pre-existing processes,
    > > let the module do this iteration when it is initialized and
    > > attach to process it cares about.  If it doesn't need to know
    > > about pre-existing processes, it can omit this step.
    >
    > I agree.  I suspect that the common case will be for the loaded module to do
    > nothing to existing processes:  if its important, then configure the system
    > for the module to load early, or compile it into the kernel.
    >
    > To allow modules that want to do this to do it, we'll need to expose the
    > task list, so that iteration can happen.  But we'll need to do that anyway,
    > because some security policies will depend on quantified assertions like
    > "For all processes ..." or "There does (not) exist a process that ..."
    
    First, the task_list is currently exported via the init_task_union
    symbol (init_task_union.task to be specific), in 2.2.X the tasklist_lock
    symbol is not exported tho.
    
    The 'forgiveness' for existing processes is somthing I had to do earlier,
    since we can't trust the process (filename, argument) information
    associated with the task (take a peek at what sendmail does to its
    data).
    
    The easiest way to handle it, with the minimum of forgiven tasks
    was to load first thing from init, that way you only need forgive
    init (not a bad thing, IMHO), kswapd, and if present, khttpd.
    
    --Tim
    
    >
    > Crispin
    >
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    >
    >
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    > http://mail.wirex.com/mailman/listinfo/linux-security-module
    >
    
    -- 
    There are a thousand hacking at the branches of evil to the one
    who is striking at the root.
    				--Henry D. Thoreau
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 14:14:24 PDT