Re: 2001_05_09 patch against 2.4.4

From: David Wagner (dawat_private)
Date: Wed May 16 2001 - 23:58:34 PDT

  • Next message: David Wagner: "Re: 2001_05_09 patch against 2.4.4"

    Chris Wright  wrote:
    >But I'm not sure we need any explicit support for across the board syscall
    >interpostion in the LSM interface.  Because of the nature of the syscall
    >table, it is easy enough for an LSM to overwrite the syscall table with it's
    >own set of wrappers.
    
    Surprisingly, it is not as easy as you might think once you look
    more closely.  I wrote about this very soon after the creation of
    this mailing list.
    
    For example, here are three problems:
     - Race conditions with adding/removing syscalls (especially on SMP machines).
     - What happens if more than one entity wants to interpose on syscalls?
     - Interposing on execve() [and one or two others] is tricky.
    This is not an exhaustive list.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu May 17 2001 - 00:01:30 PDT