Re: A Comment from User Space

From: Valdis.Kletnieksat_private
Date: Mon Apr 23 2001 - 19:19:23 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"

    On Tue, 24 Apr 2001 00:01:46 BST, dawat_private (David Wagner)  said:
    > Give me an example of an important, security-critical app that makes
    > security decisions based on the result of access().  I bet just about
    > every app that uses access() in this way is already broken, and I've
    
    You've got it backwards.  We *know* that 'access()' is fundementally
    screwed up.
    
    BUT WHAT IF IT ACTUALLY WORKED?
    
    How many security-critical apps would use it instead of jumping
    through the current contortions they go through to check?
    
    How many apps that jump through those hoops get it *wrong*?
    
    access() is cast in stone, and un-fixable.  However, here we have
    at least a snowball's chance of getting it *right*.  We should take
    a LONG look at that possibility....
    
    /Valdis
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 19:20:47 PDT