Re: 2001_05_09 patch against 2.4.4

From: Chris Evans (chrisat_private)
Date: Mon May 14 2001 - 13:30:21 PDT


    On Thu, 10 May 2001, Greg KH wrote:
    
    > > Are there plans to hook syscalls? If not, I can make a very strong
    > > argument to do so. Let me know if you want to hear it.
    >
    > Do you want to hook syscalls in a different manner than the current
    > ability to hook them (messing with the syscall table which LSM doesn't
    > affect)?  Or are you wanting a hook in the security table structure for
    > every individual call?
    
    It would be nice if the LSM project provided a way to hook arbitrary
    syscalls (see other mail). Of course, syscall latency is a concern, so in
    default form, this would entail checking a pointer for nullness, and
    finding a null pointer, so not doing anything.
    
    > The current scheme is to control access to the kernel's core data
    > structures.  Some of this requires hooks in syscalls, other places this
    > does not (the whole networking hook system will not be near the single
    > network syscall, from what I think Chris W. has in mind.)
    
    I think the most important "object" to hook in the networking land is the
    "network interface". Quick cheesy example:
    - eth0: labelled as low security
    - slip0: labelled as high security
    - /etc/very/secret: labelled as sensitive, high security
    - process pid 100: has /etc/very/secret open, marked as sensitive
    - process pid 100 does socket()
    - process pid 100 tries to bind to IP address owned by eth0 => EPERM!!
    
    Cheers
    Chris
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
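The label-flow scenario sketched in the mail above, modelled in user space as an added example (this is not LSM code and not from the list). The hook names, interface addresses and the high-water-mark rule for the task label are assumptions chosen to illustrate the idea.

```c
/* Added example: user-space model of the interface/file labelling check
 * described in the mail. Hook names and addresses are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum level { LOW = 0, HIGH = 1 };

struct iface { const char *name; const char *addr; enum level level; };
struct file  { const char *path; enum level level; };
struct task  { int pid; enum level level; };  /* label only ever rises */

/* Constructed system: eth0 is low security, slip0 is high security. */
static const struct iface ifaces[] = {
    { "eth0",  "192.0.2.10",   LOW  },
    { "slip0", "198.51.100.5", HIGH },
};

/* Model of a file-open hook: opening a sensitive file marks the task
 * sensitive (its label becomes the max of its own and the file's). */
static int hook_file_open(struct task *t, const struct file *f)
{
    if (f->level > t->level)
        t->level = f->level;
    return 0;
}

/* Model of a socket-bind hook: a task labelled higher than the interface
 * that owns the requested address is refused with EPERM. */
static int hook_socket_bind(const struct task *t, const char *addr)
{
    for (size_t i = 0; i < sizeof ifaces / sizeof ifaces[0]; i++)
        if (strcmp(ifaces[i].addr, addr) == 0)
            return t->level > ifaces[i].level ? -EPERM : 0;
    return -EADDRNOTAVAIL;  /* no local interface owns this address */
}

/* Replays the mail's scenario: pid 100 opens /etc/very/secret (high),
 * then tries to bind to bind_addr. Returns the bind hook's verdict. */
static int scenario(const char *bind_addr)
{
    struct task t = { 100, LOW };
    struct file secret = { "/etc/very/secret", HIGH };
    hook_file_open(&t, &secret);
    return hook_socket_bind(&t, bind_addr);
}

int main(void)
{
    printf("bind to eth0 address:  %d\n", scenario("192.0.2.10"));   /* -EPERM */
    printf("bind to slip0 address: %d\n", scenario("198.51.100.5")); /* 0 */
    return 0;
}
```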
    



    This archive was generated by hypermail 2b30 : Mon May 14 2001 - 17:31:25 PDT