Re: Kernel Security Extensions USENIX BOF Summary

• Previous message: Stephen Smalley: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• In reply to: Crispin Cowan: "Re: Kernel Security Extensions USENIX BOF Summary"
• Next in thread: Greg KH: "Re: Kernel Security Extensions USENIX BOF Summary"
• Next in thread: Crispin Cowan: "Re: Kernel Security Extensions USENIX BOF Summary"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 05 Jul 2001 23:14:11 PDT, Crispin Cowan <crispinat_private>  said:

> How about if modules that want reliable absolute paths just disable the
> horrible abomination known as multiple mount points?

This only works if you can guarantee that a multiple mount would in fact
be *multiple*.  If an attacker can manage to force an umount() or get
control before the file system is mounted (which may be easy if the file
system is one that is unmounted when not in use), and can get a mount
of the file system to some OTHER mount point, you have a problem.

Yes, I know that if an attacker can do mount/unmount, you're in trouble
already - but it sounds like the requirement is for "be able to protect a
critical file *even if* the system has been partially subverted".

If I'm missing the point, I'm sure I'll be adequately flamed for it ;)
-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

• application/pgp-signature attachment: stored

• Next message: Greg KH: "Re: Kernel Security Extensions USENIX BOF Summary"
• Previous message: Stephen Smalley: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• In reply to: Crispin Cowan: "Re: Kernel Security Extensions USENIX BOF Summary"
• Next in thread: Greg KH: "Re: Kernel Security Extensions USENIX BOF Summary"
• Next in thread: Crispin Cowan: "Re: Kernel Security Extensions USENIX BOF Summary"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 08:20:26 PDT