On Tue, 24 Apr 2001 02:52:24 BST, dawat_private (David Wagner) said: > >BUT WHAT IF IT ACTUALLY WORKED? > No, no, it's worse than you realize. What you want is fundamentally No, I realize exactly what the problem is. > impossible, with the access() current interface. The Right. With the *CURRENT INTERFACE*. > You'd have to invent a new, secure interface to get this right, and access() > isn't it. Haven't I explained this about five or six times now? Right. And I'm saying that *THIS* is the time to at least think about defining a new, secure interface. OK everybody - knowing what we know *NOW*, how would we define a 'what_access_should_have_been()' interface? Remember that as long as we're at it, we should be more general than just "do the file permissions allow open()" - we should look at sockets, mmap, and things like that. /Valdis _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 20:12:52 PDT