Re: 2001_05_09 patch against 2.4.4

From: jmjonesat_private
Date: Wed May 16 2001 - 05:20:57 PDT

  • Next message: Stephen Smalley: "Re: 2001_05_09 patch against 2.4.4"

    On Tue, 15 May 2001, Chris Evans wrote:
    > On Tue, 15 May 2001 jmjonesat_private wrote:
    > > > Can you still think of a case where read/write hooking is necessary?
    > >
    > > Suppose there's a crack that replaces the task's code at some point after
    > > the file is opened?  Subsequently, a sensitive file (e.g. /etc/passwd) may
    > > be compromised during a read or write from what apparently is a valid
    > A very good point. To see the way I'd like to see this solved, consider
    > "netscape" - surely a likely candidate for "a crack that replaces the
    > task's code at some point" :-)
    > The netscape process should be started with security restrictions in place
    > - i.e. it should not get the chance to open anything remotely "sensitive"
    > (read /etc/passwd, write the user's .rhosts etc). It should only get
    > access to its cache files, config files etc.[1]
    Most *certainly* I agree that no program should be able to open a file
    it has no business touching, but there are some programs that MUST make
    use of "sensitive" files, such as Apache, login, sendmail.... and while
    these specific programs may be carefully written (after many many
    patches), I still conceive it's possible that a similar program may 
    be poorly written, or "not-so-poorly-but-with-an-oversite", which seems
    to be the most common situation requiring "upgrades" these days. 
    The security module needs to be able to check reads and writes, in many
    cases, to protect the system at large against "crack" and reliably
    monitor what could happen between open and close, inside the task... not
    even considering a fork or descriptor-passing problem, imho, in case the
    security strategy in the module includes the idea of "proper access"
    on a finer level than just read or write.
    Extremely well written, totally bulletproof applications in userspace 
    would be a wonderful thing... but are about as likely as cupcakes 
    growing on trees. :)
    > Cheers
    > Chris
    Off to Plant My Cupcake Tree,
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 16 2001 - 05:22:41 PDT