Re: Append vs. write distinctions

From: Chris Wright (chrisat_private)
Date: Tue May 22 2001 - 14:17:13 PDT


    * Stephen Smalley (sdsat_private) wrote:
    <snip>
    
    > Some possible solutions:
    > 
    > 1) Change the computation of acc_mode in open_namei() to retain
    > the O_APPEND flag if it is in flags.  In the permission() function,
    > call the LSM permission security hook with this expanded access mode so
    > that it can distinguish append access from write access.  After calling
    > the LSM permission security hook, reduce the access mode to the
    > traditional read/write/execute modes before performing the normal
    > Linux checking (i.e. the call to the inode permission operation
    > or the call to vfs_permission).  OR
    > 
    > 2) Change the IS_APPEND (and IS_IMMUTABLE and perhaps other) macros to
    > also call a LSM security hook when the check is performed so that the
    > security module has the option of performing a check at this point based
    > on both the process and the file.
    
    Do you have a preference?
    
    -chris
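
Option 1 from the quoted proposal, as a user-space C model added here for illustration; it is not code from either poster or from the LSM patch. The `MAY_APPEND` bit value, `struct file_policy`, and the function names `lsm_permission_hook`, `traditional_check` and `check_open` are assumptions of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#define MAY_EXEC   1
#define MAY_WRITE  2
#define MAY_READ   4
#define MAY_APPEND 8   /* assumed extra bit for this sketch, seen only by the hook */
struct file_policy { int append_only; };   /* hypothetical per-file module state */

/* Option 1, first half: derive the access mode but keep O_APPEND visible. */
static int compute_acc_mode(int flags)
{
    int acc = 0;
    switch (flags & O_ACCMODE) {
    case O_RDONLY: acc = MAY_READ; break;
    case O_WRONLY: acc = MAY_WRITE; break;
    case O_RDWR:   acc = MAY_READ | MAY_WRITE; break;
    }
    return (flags & O_APPEND) ? (acc | MAY_APPEND) : acc;
}

/* Hypothetical module hook: plain writes to an append-only file are refused. */
static int lsm_permission_hook(const struct file_policy *p, int mask)
{
    if (p->append_only && (mask & MAY_WRITE) && !(mask & MAY_APPEND))
        return -EACCES;
    return 0;
}

/* Stand-in for the normal Linux check: every requested bit must be granted. */
static int traditional_check(int granted, int mask)
{
    return ((granted & mask) == mask) ? 0 : -EACCES;
}

/* Option 1, second half: hook sees the expanded mask, the rest sees r/w/x only. */
static int check_open(const struct file_policy *p, int granted, int flags)
{
    int mask = compute_acc_mode(flags);
    int err = lsm_permission_hook(p, mask);
    if (err)
        return err;
    return traditional_check(granted, mask & (MAY_READ | MAY_WRITE | MAY_EXEC));
}

int main(void)
{
    struct file_policy log = { 1 };   /* constructed sample: append-only file */
    return check_open(&log, MAY_READ | MAY_WRITE, O_WRONLY | O_APPEND) ? 1 : 0;
}
```

Passing the unreduced mask to `traditional_check` would deny even a permitted append, which is why the proposal strips the extra bit before the normal Linux checking.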
    
    



    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 14:19:31 PDT