Re: 2001_05_09 patch against 2.4.4

From: Chris Wright (chrisat_private)
Date: Wed May 16 2001 - 16:42:07 PDT

  • Next message: Chris Wright: "Re: 2001_05_09 patch against 2.4.4"

    * jmjonesat_private (jmjonesat_private) wrote:
    > On Tue, 15 May 2001, Chris Evans wrote:
    > > 
    > > Can you still think of a case where read/write hooking is necessary?
    > > 
    > Suppose there's a crack that replaces the task's code at some point after 
    > the file is opened?  Subsequently, a sensitive file (e.g. /etc/passwd) may
    > be compromised during a read or write from what apparently is a valid 
    > process.   The capabilities module MAY wish to restrict *certain kinds* 
    > of read/writes as being "suspicious".  Not sure if I can think of a case
    > where this might happen in practice, except, possibly, adding a line to 
    > an auth file... a poorly programmed task might open  w+ to read/modify 
    > a file and the "evil" may wish to extend that file... which could be 
    > a prohibitted activity according to policy.
    To be clear...the capabilities module will not add _anything_ new to current
    capabilities.  All the parts of the LSM interface that capabilities does not
    currently use become essentially no-ops.
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 16 2001 - 16:44:26 PDT