On Fri, 13 Apr 2001, Greg KH wrote:

> > fork: Put hook right before "wake_up_process". Child exists, the
> > child's process pointer is available, but it has not started
> > running yet.
>
> If the hook is a bit before this in fork, say before all the process
> information is copied into the child, is this acceptable? Or are you
> wanting to have access to all of that information?
>
> Is this more an accounting operation, or do you want to be able to stop
> the fork() from completing at this stage (if so, I'd argue that right
> before wake_up_process() is a bit too late :)?

We use this purely as an accounting operation; as such, we want access to
as much information about the child process as possible.

> > exit: For linux we needed two hooks, one at "exit_thread", the other
> > at "free_uid". The first prevents us from doing anything stupid
> > during process exit, the second tells us to nuke objects
> > associated with the process.
>
> Shouldn't we hook at release_task() also?

IIRC, we did everything at the "free_uid" point that you would do at
release_task(). That doesn't mean what we did is right... it's certainly
ugly.

> > The other issue is per-process data. I know we needed quite a bit of
> > bookkeeping information. Not being able to modify the proc structure,
> > we had our own internal list keyed on pid. A small number of generic
> > void* pointers on task_struct would make life easier.
>
> 1 pointer should be sufficient. You can hook whatever you want off of
> that.

But then you could only have one module concerned about each process... we
wouldn't want to limi *slap*

Er, nevermind. Yep, one pointer is fine.

Doug
--
dougkat_private
dkilpatrat_private
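The pid-keyed bookkeeping described in the message above, modelled in userspace C as an added example (not code from the original post or from the linux-security-module project). `struct acct_rec`, `hook_fork`, `hook_exit_thread` and `hook_free_uid` are hypothetical names, and processes are represented by plain integer pids rather than kernel task pointers.

```c
#include <stdlib.h>

#define NBUCKET 64

/* Per-process bookkeeping record (hypothetical fields). */
struct acct_rec {
    int pid, ppid;
    int exiting;            /* set by the exit_thread hook */
    struct acct_rec *next;  /* hash chain */
};

static struct acct_rec *table[NBUCKET];
static int live;            /* number of tracked processes */

/* Return the link that points at pid's record, or at the chain's NULL tail. */
static struct acct_rec **slot(int pid)
{
    struct acct_rec **pp = &table[(unsigned)pid % NBUCKET];
    while (*pp && (*pp)->pid != pid)
        pp = &(*pp)->next;
    return pp;
}

struct acct_rec *acct_lookup(int pid) { return *slot(pid); }
int acct_live(void) { return live; }

/* fork hook: the child exists but has not run yet, so record it now. */
int hook_fork(int pid, int ppid)
{
    struct acct_rec **pp = slot(pid), *r;
    if (*pp) return -1;     /* stale record: an earlier cleanup was missed */
    r = calloc(1, sizeof(*r));
    if (!r) return -1;
    r->pid = pid; r->ppid = ppid;
    *pp = r; live++;
    return 0;
}

/* exit_thread hook: flag the record so later events can be ignored
 * (assumed meaning of "prevents us from doing anything stupid"). */
void hook_exit_thread(int pid)
{
    struct acct_rec *r = acct_lookup(pid);
    if (r) r->exiting = 1;
}

/* free_uid hook: the process is gone, drop everything keyed on its pid. */
int hook_free_uid(int pid)
{
    struct acct_rec **pp = slot(pid), *r = *pp;
    if (!r) return -1;
    *pp = r->next; free(r); live--;
    return 0;
}
```

With a single `void *` on `task_struct`, as the thread settles on, the hash lookup disappears and the record is reached directly from the task, but the same fork/exit pairing is still needed to allocate and free it.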