On Tue, 15 May 2001, Chris Evans wrote:

>
> On Tue, 15 May 2001 jmjonesat_private wrote:
>
> > > Can you still think of a case where read/write hooking is necessary?
> >
> > Suppose there's a crack that replaces the task's code at some point after
> > the file is opened? Subsequently, a sensitive file (e.g. /etc/passwd) may
> > be compromised during a read or write from what apparently is a valid
>
> A very good point. To see the way I'd like to see this solved, consider
> "netscape" - surely a likely candidate for "a crack that replaces the
> task's code at some point" :-)
>
> The netscape process should be started with security restrictions in place
> - i.e. it should not get the chance to open anything remotely "sensitive"
> (read /etc/passwd, write the user's .rhosts etc). It should only get
> access to its cache files, config files etc.[1]
>

Most *certainly* I agree that no program should be able to open a file it
has no business touching, but there are some programs that MUST make use
of "sensitive" files, such as Apache, login, sendmail.... and while these
specific programs may be carefully written (after many many patches), I
still conceive it's possible that a similar program may be poorly written,
or "not-so-poorly-but-with-an-oversight", which seems to be the most common
situation requiring "upgrades" these days.

The security module needs to be able to check reads and writes, in many
cases, to protect the system at large against "crack" and reliably monitor
what could happen between open and close, inside the task... not even
considering a fork or descriptor-passing problem, imho, in case the
security strategy in the module includes the idea of "proper access" on a
finer level than just read or write.

Extremely well written, totally bulletproof applications in userspace
would be a wonderful thing... but are about as likely as cupcakes growing
on trees. :)

> Cheers
> Chris
>

Off to Plant My Cupcake Tree,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 05:22:41 PDT