Re: New LSM patch for consideration

From: Stephen Smalley (sdsat_private)
Date: Wed Jun 13 2001 - 12:43:08 PDT

  • Next message: Stephen Smalley: "Re: New LSM patch for consideration"

    On Wed, 13 Jun 2001, Casey Schaufler wrote:
    
    > If you're writing a module which does audit (we'll
    > have hook proposals by the end of the month, probably
    > sooner) you need to do the capability (or Superuser)
    > check after the DAC check so that you can record the
    > decision properly. You don't want to say that someone
    > got access because they had privilege when the file
    > is mode 777.
    
    I'm not sure that this is an example of needing authoritative
    hooks.  As it stands in the base kernel logic, I think that
    the capable() check is typically only performed if the DAC
    logic would deny access.  This should handle your concern.
    And even if you wanted similar behavior for the hook functions,
    you could still just use restrictive hooks placed after the
    normal base logic checks.  
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 12:44:33 PDT