On Sat, 14 Apr 2001, Crispin Cowan wrote:

> Greg KH wrote:
>
> > On Sat, Apr 14, 2001 at 03:57:15PM -0700, Crispin Cowan wrote: [something stupid]
> >
> > Eeek! No!
> >
> > The kernel should _not_ be reading _any_ userspace config files.
>
> Well ok then :-)
>
> > It doesn't solve any "trust" issues of having the kernel read the file vs. a
> > userspace program sending the already parsed data to the kernel module through an
> > ioctl or filesystem handle.
>
> Is there any additional help we can give modules to load config files? Or is it pretty
> much all there with ioctls?

If you want to read files from within the kernel, you can make calls directly
to the system calls (open, read, etc.) within the module. If you need a context,
borrow the context in current, or if you feel brave, use inits. Not advised though.

> Exactly: I want to avoid messing with it, but enable LSMs to mess with them. If we
> can get away with it, just standing aside and letting the LSMs talk directly to the
> file system would be ideal.

Can we integrate ourselves with the beginnings of ACLs in the Vfs/ext? The
framework is there. It's just not completed, i.e. in vfs_permission in
linux/fs/namei.c, we could just append our 'hook'.

--Tim

> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module

--
There are a thousand hacking at the branches of evil to the one who is
striking at the root. --Henry D. Thoreau
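An added illustration, not part of the original thread or of any LSM code: the split Greg KH describes, where a userspace loader parses the config file and the module only receives and re-validates a fixed-layout blob. The blob layout, the "<path> <octal perms>" config syntax and every name below are hypothetical; the module side is written as a plain C function so it runs in userspace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Names and blob layout are hypothetical, chosen for this example. */
#define POLICY_MAGIC     0x4c534d31u
#define POLICY_MAX_RULES 8
#define POLICY_PATH_LEN  32
struct policy_rule { char path[POLICY_PATH_LEN]; uint32_t perms; };
struct policy_blob { uint32_t magic, nrules; struct policy_rule rules[POLICY_MAX_RULES]; };

/* Userspace loader: parse "<path> <octal perms>" lines into the blob. */
int policy_parse(const char *text, struct policy_blob *out)
{
    memset(out, 0, sizeof(*out));
    out->magic = POLICY_MAGIC;
    for (;;) {
        unsigned perms;
        int plen = 0, used = 0;
        text += strspn(text, " \t\r\n");
        if (!*text)
            return 0;                    /* end of config */
        if (out->nrules == POLICY_MAX_RULES)
            return -1;                   /* too many rules */
        struct policy_rule *r = &out->rules[out->nrules];
        if (sscanf(text, "%31s%n %o%n", r->path, &plen, &perms, &used) != 2)
            return -1;                   /* malformed line */
        if (!strchr(" \t", text[plen]) || perms > 7)
            return -1;                   /* over-long path or bad perms */
        r->perms = perms;
        out->nrules++;
        text += used;
    }
}

/* Module side: checks to run on the blob after copy_from_user(). */
int policy_validate(const void *buf, size_t len)
{
    struct policy_blob b;
    if (len != sizeof(b))
        return -1;
    memcpy(&b, buf, sizeof(b));          /* validate a private copy */
    if (b.magic != POLICY_MAGIC || b.nrules > POLICY_MAX_RULES)
        return -1;
    for (uint32_t i = 0; i < b.nrules; i++) {
        const struct policy_rule *r = &b.rules[i];
        if (r->path[0] != '/' || !memchr(r->path, '\0', POLICY_PATH_LEN) || (r->perms & ~7u))
            return -1;                   /* relative/unterminated path, bad perms */
    }
    return 0;
}
```

The module-side check repeats bounds and format tests the loader already made, because the blob crosses the user/kernel boundary and the sender cannot be assumed to be the loader.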
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 18:37:54 PDT