On Wed, 06 Jun 2001 13:26:43 EDT, Stephen Smalley said:
> Does "kernel logic" just mean the call to inode->i_op->permission,
> or does it mean all of the permission routines in the various
> filesystem implementations?

Don't forget all the *NON*-filesystem based permission checking as well.
For instance, settimeofday() does checking, but never goes anywhere near
a filesystem that I'm aware of. And we *all* know that we want to be able
to create a security policy that allows NTP to diddle the clock, open
port 137, and nothing else...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 10:46:24 PDT