>On 21 Apr 2001, David Wagner wrote:
>> Crispin Cowan wrote:
>> >Applications that do want to learn this kind of thing normally use the
>> >access() system call, and that call should continue to function.
>>
>> It may be relevant to also mention that applications that want to
>> call access() or equivalent are also often broken, so any policy
>> module that supports such apps might also be referred to as "broken"
>> from another viewpoint. :-)
>
>I don't think security-aware-polite programs are "broken" if they want
>to use access() to "size up the situation", [...]

Well, my remark should only be taken half-seriously, as stated. It was
intended as a lighthearted attempt to remind folks that whether to
support access() or not is a question of policy and thus, I would argue,
should be left up to the policy module.

Second, may I suggest that you take a look at my prior message?
http://mail.wirex.com/pipermail/linux-security-module/2001-April/000092.html
I explain why it is not unreasonable for one's security policy to say
"use of access() is a bug": it often leads to TOCTTOU vulnerabilities.

Once again, I propose the following: If you want to build a policy
module that adds extra semantics to access(), feel free -- but I would
like to be free to build a policy module that ignores access() [or even
kills any process that uses it, if I wish].
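The access() TOCTTOU pattern mentioned in the message above, shown beside a form that avoids the separate check. This is an added example, not part of the original post or of any LSM code; the function names and the "regular files only" policy are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* BEFORE: check by name, then use by name. access() tests the real UID,
 * open() runs with the effective UID, and the path is resolved twice, so
 * what the name refers to can change between the two calls (TOCTTOU). */
int open_after_access(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* AFTER: no separate check. Open with the real user's identity so the
 * kernel checks permission and opens in one step, then examine the fd. */
int open_as_real_user(const char *path)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    struct stat st;
    int fd = -1, saved;

    if (setegid(getgid()) != 0)          /* group first, while still allowed */
        return -1;
    if (seteuid(getuid()) == 0)
        fd = open(path, O_RDONLY | O_CLOEXEC);
    saved = errno;
    if (seteuid(euid) != 0 || setegid(egid) != 0) {  /* regain privileges */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    /* Assumed policy: regular files only, checked on the descriptor. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        return -1;
    }
    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc < 2)
        return 2;                        /* usage: prog <path> */
    printf("access+open: %d\n", open_after_access(argv[1]));
    printf("real-uid open: %d\n", open_as_real_user(argv[1]));
    return 0;
}
```

In a program that is not set-uid the two functions behave the same for regular files; the difference matters when real and effective IDs differ, which is the case access() was designed for.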
This archive was generated by hypermail 2b30 : Sat Apr 21 2001 - 14:38:57 PDT