On Wed, Jul 18, 2001 at 03:32:48PM -0700, Crispin Cowan wrote: > > If someone has a practical, detailed way to construct the name, please > speak up. Note that it is not sufficient to be able to construct *some* > name that *could* have been used to open the file: we need the actual name > that was used to make the request. > > On the other hand, if what you have is a heart-felt conviction that there > must be some way to do it ... save it, we've heard that :-) We need the > details, not the encouragement. I've said in private email to you and your group that there is a way to do it, and outlined it. I can do it again here if you really want me to. In short, you have to stop thinking of path names being the end all, and have to start worrying about inodes _if_ you allow multiple mounts. Just knowing the original path that was taken to get to a file isn't going to help you out, you _need_ to know them all. If you don't allow multiple mounts, then you do not have a problem. A inode has a dentry list which will contain only one dentry. Hence the pathname to the file. I can write some specific code, based on the last release of SubDomain to do this if you want proof, but I really don't want to do that :) greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 17:38:29 PDT