On Thu, Jul 05, 2001 at 11:14:11PM -0700, Crispin Cowan wrote:
> Greg KH wrote:
>
> > An inode can point to any number of valid paths to that file. Think of
> > multiple mounts of a filesystem at different places in the tree.
> > (Hm, let's mount /dev/hdd8 at /etc, /tmp/etc, /var/etc, and
> > /home/foo/etc )
> > So reconstructing the original path from an inode is almost impossible.
>
> How about if modules that want reliable absolute paths just disable the
> horrible abomination known as multiple mount points?

I agree with Valdis. Just prevent anyone from running mount(8) in the
first place, and you will not have to worry about multiple mounts at all.

But remember to watch out for the fun that is per-process namespaces
which will be happening in 2.5:
	http://lwn.net/2001/0301/a/namespaces.php3

And you thought multiple mount points were bad :)

greg k-h
(actually per-process namespaces are perfect for security, think
chroot() that actually works...)
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 08:46:19 PDT