Re: A Comment from User Space

• Previous message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• In reply to: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Reply: Seth Arnold: "Re: A Comment from User Space"
• Reply: Crispin Cowan: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 24 Apr 2001 00:01:46 BST, dawat_private (David Wagner)  said:
> Give me an example of an important, security-critical app that makes
> security decisions based on the result of access().  I bet just about
> every app that uses access() in this way is already broken, and I've

You've got it backwards.  We *know* that 'access()' is fundementally
screwed up.

BUT WHAT IF IT ACTUALLY WORKED?

How many security-critical apps would use it instead of jumping
through the current contortions they go through to check?

How many apps that jump through those hoops get it *wrong*?

access() is cast in stone, and un-fixable.  However, here we have
at least a snowball's chance of getting it *right*.  We should take
a LONG look at that possibility....

/Valdis

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• Previous message: Valdis.Kletnieksat_private: "Re: A Comment from User Space"
• In reply to: David Wagner: "Re: A Comment from User Space"
• Next in thread: David Wagner: "Re: A Comment from User Space"
• Reply: David Wagner: "Re: A Comment from User Space"
• Reply: Seth Arnold: "Re: A Comment from User Space"
• Reply: Crispin Cowan: "Re: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 19:20:47 PDT