Policy question

From: Titus D. Winters (titusat_private)
Date: Wed May 30 2001 - 11:20:03 PDT

  • Next message: Greg KH: "Re: Policy question"

    So Chris Lundberg and I are in the process of porting over a honeypot that
    I wrote as an LKM a while back.  Since we are hiding files and processes,
    we are finding that returning EPERM in places (like ptrace, open, and
    several others) is less useful than returning something like ESRCH or
    ENOENT.  Aside from the 1 assignment per query performance hit, why are we
    not doing something like
    
    if ((ret = security_ops->ptrace(current->p_pptr, current)))
    	goto out;
    
    instead of
    
    if (security_ops->ptrace(current->p_pptr, current))
    	goto out;
    
    ?
    
    Now, I understand that things like honeypots are not necessarily normal
    security policy, and thus might not be covered within the scope of our
    task.  But I think if we are going for a really general framework, it
    would be good to include the ability to do these things.
    
    So my question really is, should we go grab a BitKeeper of the current
    source and make these changes?  Would anyone mind terribly?  Would they
    have a chance of being accepted into the patch?
    
    -Titus Winters
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 11:21:31 PDT