Re: A Comment from User Space

From: David Wagner (dawat_private)
Date: Sat Apr 21 2001 - 14:36:31 PDT

  • Next message: David Wagner: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"

    >On 21 Apr 2001, David Wagner wrote:
    >> Crispin Cowan  wrote:
    >> >Applications that do want to learn this kind of thing normally use the
    >> >access() system call, and that call should continue to function.
    >> 
    >> It may be relevant to also mention that applications that want to
    >> call access() or equivalent are also often broken, so any policy
    >> module that supports such apps might also be referred to as "broken"
    >> from another viewpoint. :-)
    >
    >I don't think security-aware-polite programs are "broken" if they want
    >to use access() to "size up the situation", [...]
    
    Well, my remark should only be taken half-seriously, as stated.  It
    was intended as a lighthearted attempt to remind folks that whether
    to support access() or not is a question of policy and thus, I would
    argue, should be left up to the policy module.
    
    Second, may I suggest that you take a look at my prior message?
     http://mail.wirex.com/pipermail/linux-security-module/2001-April/000092.html
    I explain why it is not unreasonable for one's security policy to say
    "use of access() is a bug": it often leads to TOCTTOU vulnerabilities.
    
    Once again, I propose the following: If you want to build a policy
    module that adds extra semantics to access(), feel free -- but I would
    like to be free to build a policy module that ignores access() [or even
    kills any process that uses it, if I wish].
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sat Apr 21 2001 - 14:38:57 PDT