Re: 2001_05_09 patch against 2.4.4

From: David Wagner (dawat_private)
Date: Thu May 17 2001 - 00:04:43 PDT

    Chris Evans wrote:
    >On Tue, 15 May 2001 jmjonesat_private wrote:
    >> > Can you still think of a case where read/write hooking is necessary?
    >> Suppose there's a crack that replaces the task's code at some point after
    >> the file is opened?  Subsequently, a sensitive file (e.g. /etc/passwd) may
    >> be compromised during a read or write from what apparently is a valid
    >A very good point.
    A good point, but it seems to be irrelevant to the question of whether
    to allow modules to interpose on read()/write() calls.  The functionality
    jmjones wants is easily accomplished by checking open() calls, if I am not
    >The netscape process should be started with security restrictions in place
    >- i.e. it should not get the chance to open anything remotely "sensitive"
    >(read /etc/passwd, write the user's .rhosts etc). It should only get
    >access to its cache files, config files etc.[1]
    See the Janus project.  We've done this for Netscape, as well as for
    many other applications.