Re: Append vs. write distinctions

From: Stephen Smalley (sdsat_private)
Date: Tue May 29 2001 - 08:25:46 PDT

  • Next message: Bruj0: "Re: 2001-05-27 patch against 2.4.5"

    On Tue, 22 May 2001, Chris Wright wrote:
    > > 1) Change the computation of acc_mode in open_namei() to retain
    > > the O_APPEND flag if it is in flags.  In the permission() function,
    > > call the LSM permission security hook with this expanded access mode so
    > > that it can distinguish append access from write access.  After calling
    > > the LSM permission security hook, reduce the access mode to the
    > > traditional read/write/execute modes before performing the normal
    > > Linux checking (i.e. the call to the inode permission operation
    > > or the call to vfs_permission).  OR
    > Do you have a preference?
    I would favor this first option.  This will also require a hook in
    fcntl to address the situation where the O_APPEND flag is cleared
    on an open file descriptor.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue May 29 2001 - 08:28:27 PDT