Re: 2001_05_09 patch against 2.4.4

From: David Wagner (dawat_private)
Date: Thu May 17 2001 - 00:02:54 PDT

    >Suppose there's a crack that replaces the task's code at some point after 
    >the file is opened?  Subsequently, a sensitive file (e.g. /etc/passwd) may
    >be compromised during a read or write from what apparently is a valid 
    >process.   The capabilities module MAY wish to restrict *certain kinds* 
    >of read/writes as being "suspicious".
    
    Huh??  It is the open("/etc/passwd", .) call that is suspicious,
    not the read()/write() call.  How are you going to decide which
    read()/write() calls are suspicious?  Frankly, I don't understand
    what you're driving at.  If there is a good reason to check read()
    and write() calls, this does not seem to be it.
    
    Anyway, we discussed this issue at length some time ago, and some
    other policy module writers said they needed the ability to check
    read() and write() calls.
    