On Thu, Jul 05, 2001 at 02:09:30PM -0400, Stephen Smalley wrote:
> Using inodes at runtime seems preferable to us - you want to protect
> data contained in an object, not a pathname.

I'm not sure this is always the case. While it might make great sense for user data, there are system configuration files at Well Known Locations where the data in the file needs to be protected -- at that location.

Perhaps some examples: /etc/shadow, /etc/hosts, /vmlinu[xz], /etc/lilo.conf, /etc/hosts.{allow|deny|options}, /etc/ld.so.{conf|cache}, /etc/exports, /etc/fstab.

Each of these files is needed at some point or another to remain unchanged *in its current location*. Keeping track of only the inode, if I am not mistaken, would allow for moving the file to another location and placing another file in the well known location.

(Of course, the other modules will protect the well known files by protecting the directories containing those files; however, this model is not SubDomain's model.)

Seth

_______________________________________________
linux-security-module mailing list
http://mail.wirex.com/mailman/listinfo/linux-security-module
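An added illustration of the move-and-replace sequence discussed in the message above (not part of the original post, and not SubDomain or LSM code): it records a file's (device, inode) identity and content hash, performs the rename in a temporary directory, and reports what an inode-keyed view and a path-keyed view each see afterwards. The file names and contents are constructed stand-ins.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the identity (device, inode) and content hash found at a path."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"id": (st.st_dev, st.st_ino), "sha256": digest}


def compare(baseline, path):
    """Compare what is at the path now against the recorded baseline."""
    now = snapshot(path)
    return {
        "same_inode_at_path": now["id"] == baseline["id"],
        "same_content_at_path": now["sha256"] == baseline["sha256"],
    }


def demo():
    with tempfile.TemporaryDirectory() as d:
        well_known = os.path.join(d, "hosts.allow")   # constructed stand-in path
        moved = os.path.join(d, "hosts.allow.moved")  # constructed stand-in path
        with open(well_known, "w") as f:
            f.write("sshd: 192.0.2.0/24\n")           # constructed sample content
        baseline = snapshot(well_known)

        # The sequence described in the message: move the file, then
        # create a different file at the well-known location.
        os.rename(well_known, moved)
        with open(well_known, "w") as f:
            f.write("ALL: ALL\n")                     # constructed sample content

        return {
            # The original inode still exists, now under a different name.
            "moved_keeps_inode": snapshot(moved)["id"] == baseline["id"],
            # The well-known path now resolves to a different object.
            "at_path": compare(baseline, well_known),
        }


if __name__ == "__main__":
    print(demo())
```

A policy keyed only on the recorded inode keeps following the moved file, while the path that consumers actually open now holds a different inode and different content.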
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 13:16:25 PDT