* jmjonesat_private (jmjonesat_private) wrote:
>
> On Tue, 15 May 2001, Chris Evans wrote:
>
> > Can you still think of a case where read/write hooking is necessary?
>
> Suppose there's a crack that replaces the task's code at some point after
> the file is opened? Subsequently, a sensitive file (e.g. /etc/passwd) may
> be compromised during a read or write from what apparently is a valid
> process. The capabilities module MAY wish to restrict *certain kinds*
> of read/writes as being "suspicious". Not sure if I can think of a case
> where this might happen in practice, except, possibly, adding a line to
> an auth file... a poorly programmed task might open w+ to read/modify
> a file and the "evil" may wish to extend that file... which could be
> a prohibited activity according to policy.

To be clear...the capabilities module will not add _anything_ new to
current capabilities. All the parts of the LSM interface that capabilities
does not currently use become essentially no-ops.

-chris
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 16:44:26 PDT