On Wed, 13 Jun 2001, Casey Schaufler wrote: > If you're writing a module which does audit (we'll > have hook proposals by the end of the month, probably > sooner) you need to do the capability (or Superuser) > check after the DAC check so that you can record the > decision properly. You don't want to say that someone > got access because they had privilege when the file > is mode 777. I'm not sure that this is an example of needing authoritative hooks. As it stands in the base kernel logic, I think that the capable() check is typically only performed if the DAC logic would deny access. This should handle your concern. And even if you wanted similar behavior for the hook functions, you could still just use restrictive hooks placed after the normal base logic checks. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 12:44:33 PDT