On Wed, 9 May 2001, Chris Wright wrote: > Latest lsm patch is available. > http://lsm.immunix.org/patches/lsm-2001_05_09-2.4.4.patch.gz Found the time for a quick look at "security.h" within this patch. Comments follow. 1) I didn't see any explict hook for file opening. I see file_ops->alloc_security, but that seems to be something else. (also it does not allow a security module to return other than EACCES. For prevention of covert channels, you might want to return ENOENT even if the file exists) 2) I see, currently, that syscalls are not hooked in a generic manner. From exceptionally brief scanning of the archives, this seems to be a debated point. Are there plans to hook syscalls? If not, I can make a very strong argument to do so. Let me know if you want to hear it. 3) There's a problem brewing with regards lack of central control points for logically equivalent operations. For example, in file_security_ops, I see separate hooks for mmap, read, write, readv, writev. But, logically, mmap(..., PROT_WRITE, MAP_SHARED, ...) is equivalent to write(). Lack of central control may result in a module blocking access to some operation, but leave a "backdoor" where the same operation is let through by a different syscall sequence to achieve the same effect. Cheers Chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 14:59:33 PDT