On Sat, 14 Apr 2001, Crispin Cowan wrote:
> David Wagner wrote:
> > Seth Arnold wrote:
> > >What would happen to the security_state field in the task_struct for
> > >processes already running before the module is loaded? Would the module,
> > >during load, iterate through all processes and update their security
> > >pointers? Would the module, during unload (is unloading something we
> > >really want to support? :), iterate through all processes and return the
> > >security handler information a null or default state?
> >
> > I would propose to let this be module specific.
> >
> > If the module wants to know about pre-existing processes,
> > let the module do this iteration when it is initialized and
> > attach to the processes it cares about. If it doesn't need to know
> > about pre-existing processes, it can omit this step.
>
> I agree. I suspect that the common case will be for the loaded module to do
> nothing to existing processes: if it's important, then configure the system
> for the module to load early, or compile it into the kernel.
>
> To allow modules that want to do this to do it, we'll need to expose the
> task list, so that iteration can happen. But we'll need to do that anyway,
> because some security policies will depend on quantified assertions like
> "For all processes ..." or "There does (not) exist a process that ..."

First, the task list is currently exported via the init_task_union symbol
(init_task_union.task to be specific); in 2.2.X the tasklist_lock symbol is
not exported, though.

The 'forgiveness' for existing processes is something I had to do earlier,
since we can't trust the process (filename, argument) information associated
with the task (take a peek at what sendmail does to its data). The easiest
way to handle it, with the minimum of forgiven tasks, was to load first thing
from init; that way you only need to forgive init (not a bad thing, IMHO),
kswapd, and if present, khttpd.

--Tim

> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module

--
There are a thousand hacking at the branches of evil to the one who is
striking at the root. --Henry D. Thoreau
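The "walk the task list at load time and forgive what was already running" step Tim describes, as an added user-space model that is not code from the thread or from any kernel: the 2.2-era circular task ring rooted at init_task (init_task_union.task in the kernel) and its for_each_task() walk are reproduced with a constructed subset of task_struct; the sec_label/sec_state names, the sample tasks and the add_task/model_load helpers are assumptions for illustration.

```c
/* Added example: model of attaching security state to pre-existing tasks
 * when a security module loads.  Constructed data, runs in user space. */
#include <stddef.h>

enum sec_state { SEC_CONFINED = 1, SEC_FORGIVEN = 2 };  /* assumed names */
struct sec_label { enum sec_state state; };

struct task_struct {                /* constructed subset of the real struct */
    int pid;
    const char *comm;
    void *security;                 /* NULL for tasks that predate the module */
    struct task_struct *next_task;  /* circular ring, as in 2.2.x */
};

/* The 2.2/2.4 kernel macro: walk the ring, starting after init_task. */
#define for_each_task(p) \
    for (p = &init_task; (p = p->next_task) != &init_task; )

static struct task_struct init_task = { 1, "init", NULL, &init_task };
static struct sec_label forgiven = { SEC_FORGIVEN };

/* Link a constructed task into the ring right after init_task. */
static void add_task(struct task_struct *t) {
    t->next_task = init_task.next_task;
    init_task.next_task = t;
}

/* Module-init step from the thread: every task that already exists when the
 * module loads gets a label, but its filename/argv cannot be trusted (sendmail
 * rewrites its own), so it is marked forgiven rather than confined.  A real
 * module would hold tasklist_lock here; 2.2.x does not export that symbol.
 * Returns the number of tasks forgiven by this call. */
static int sec_module_init(void) {
    struct task_struct *p;
    int n = 0;
    if (init_task.security == NULL) { init_task.security = &forgiven; n++; }
    for_each_task(p)
        if (p->security == NULL) { p->security = &forgiven; n++; }
    return n;
}

/* Constructed pre-existing tasks: the ones Tim names plus a daemon. */
static struct task_struct kswapd   = { 2,   "kswapd",   NULL, NULL };
static struct task_struct khttpd   = { 3,   "khttpd",   NULL, NULL };
static struct task_struct sendmail = { 100, "sendmail", NULL, NULL };

/* Build the ring once, then "load the module"; idempotent for re-runs. */
int model_load(void) {
    if (kswapd.next_task == NULL) {
        add_task(&sendmail); add_task(&khttpd); add_task(&kswapd);
    }
    return sec_module_init();
}
```

A second model_load() returns 0: tasks labelled at first load keep their label, which is the state a module would find if it were unloaded and reloaded without clearing task->security.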
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 14:14:24 PDT