Re: Policy question

From: Greg KH (gregat_private)
Date: Wed May 30 2001 - 10:35:57 PDT

  • Next message: Roy S. Shea: "sys_setpriority error"

    On Wed, May 30, 2001 at 11:20:03AM -0700, Titus D. Winters wrote:
    > So Chris Lundberg and I are in the process of porting over a honeypot that
    > I wrote as an LKM a while back.  Since we are hiding files and processes,
    > we are finding that returning EPERM in places (like ptrace, open, and
    > several others) is less useful than returning something like ESRCH or
    > ENOENT.  Aside from the 1 assignment per query performance hit, why are we
    > not doing something like
    > if ((ret = security_ops->ptrace(current->p_pptr, current)))
    > 	goto out;
    > instead of
    > if (security_ops->ptrace(current->p_pptr, current))
    > 	goto out;
    That looks like the proper fix.  A patch against bitkeeper would be
    greatly appreciated.
    greg k-h
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 11:37:07 PDT