Re: Policy question

From: Stephen Smalley (sdsat_private)
Date: Wed May 30 2001 - 11:49:40 PDT

On Wed, 30 May 2001, Titus D. Winters wrote:

> So Chris Lundberg and I are in the process of porting over a honeypot that
> I wrote as an LKM a while back.  Since we are hiding files and processes,
> we are finding that returning EPERM in places (like ptrace, open, and
> several others) is less useful than returning something like ESRCH or
> ENOENT.  Aside from the 1 assignment per query performance hit, why are we
> not doing something like
> 
> if ((ret = security_ops->ptrace(current->p_pptr, current)))
> 	goto out;
> 
> instead of
> 
> if (security_ops->ptrace(current->p_pptr, current))
> 	goto out;

From a safety point of view, you must then reset the value of
'ret' to its previous value after a successful call to the
hook.  Otherwise, subsequent code may incorrectly assume that
'ret' still has a previously assigned value.  For example, if you
apply the same change to the subsequent call to
security_ops->ptrace(current,child), then you will create a problem for
the checks that follow it.  Those checks expect 'ret' to still be
-EPERM, not zero.

Are you also filtering the reads of /proc (to hide processes) and
of ordinary directories (to hide files)?

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
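An added C model of the hazard Stephen describes (this is not code from the thread or from the kernel): `hook_ptrace` is a constructed stand-in for `security_ops->ptrace` that returns -ESRCH to hide a target, `attach_buggy` mirrors the proposed `if ((ret = ...))` form, and `attach_fixed` keeps the hook's result in a separate variable so the later check still sees the -EPERM it assumes.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for security_ops->ptrace(): the honeypot's policy
 * returns -ESRCH to hide the target instead of the usual -EPERM. */
static int hook_ptrace(int target_hidden)
{
    return target_hidden ? -ESRCH : 0;
}

/* Mirrors the shape of the syscall: 'ret' is preset to -EPERM and later
 * checks rely on that value still being there when they jump to 'out'. */
static int attach_buggy(int target_hidden, int child_traced)
{
    int ret = -EPERM;

    if ((ret = hook_ptrace(target_hidden)))   /* proposed change: ret overwritten */
        goto out;
    if (!child_traced)                         /* expects ret == -EPERM */
        goto out;
    ret = 0;
out:
    return ret;
}

/* Same flow, but the hook's result lives in its own variable. */
static int attach_fixed(int target_hidden, int child_traced)
{
    int ret = -EPERM;
    int err = hook_ptrace(target_hidden);

    if (err) {
        ret = err;      /* surface the hook's own code (-ESRCH here) */
        goto out;
    }
    if (!child_traced)  /* ret is still -EPERM, as this check assumes */
        goto out;
    ret = 0;
out:
    return ret;
}

int main(void)
{
    printf("buggy: %d\n", attach_buggy(0, 0));  /* 0: attach wrongly reported OK */
    printf("fixed: %d\n", attach_fixed(0, 0));  /* -EPERM: check preserved */
    return 0;
}
```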
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Wed May 30 2001 - 11:51:35 PDT