Greg KH wrote:

> On Wed, Jul 18, 2001 at 03:32:48PM -0700, Crispin Cowan wrote:
> >
> > If someone has a practical, detailed way to construct the name, please
> > speak up. Note that it is not sufficient to be able to construct *some*
> > name that *could* have been used to open the file: we need the actual name
> > that was used to make the request.
> >
> > On the other hand, if what you have is a heart-felt conviction that there
> > must be some way to do it ... save it, we've heard that :-) We need the
> > details, not the encouragement.
>
> I've said in private email to you and your group that there is a way to
> do it, and outlined it. I can do it again here if you really want me
> to.
>
> In short, you have to stop thinking of path names being the end all, and
> have to start worrying about inodes _if_ you allow multiple mounts.
> Just knowing the original path that was taken to get to a file isn't
> going to help you out, you _need_ to know them all.

Your private e-mail seemed to misunderstand the SubDomain security model. Yes, the absolute path name is the be-all and end-all that we need. What you outlined is an appropriate model for an ACL (access control list) model, but SubDomain is the dual of that.

> If you don't allow multiple mounts, then you do not have a problem. An
> inode has a dentry list which will contain only one dentry. Hence the
> pathname to the file.

As Seth alludes to, hard links are the other way a file can be aliased, and according to Chris, the inode (which is what we're presently hooking) provides a list of dentries, reflecting the hard link alias issue. If you're going to the advanced PLUG meeting tonight, we can chat about it.

> I can write some specific code, based on the last release of SubDomain
> to do this if you want proof, but I really don't want to do that :)

We're not just being stubborn; Steve, Chris, and Seth spent two hours off-site today, trying to brainstorm a solution, and they keep hitting roadblocks. This is a tough problem, and putting the name hook back is starting to look attractive.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
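The hard-link aliasing issue raised in this message, as an added user-space illustration (not code from SubDomain or the LSM patch): a file is opened through one of two hard links, and the inode alone then yields a set of candidate names with nothing to mark which one was requested. The directory names `allowed` and `denied` and the helper `names_for_inode` are hypothetical, and the file layout is constructed in a temporary directory.

```python
import os
import tempfile


def names_for_inode(root, dev, ino):
    """Return every path under root that resolves to the given (device, inode)."""
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (st.st_dev, st.st_ino) == (dev, ino):
                matches.append(os.path.relpath(path, root))
    return sorted(matches)


def demo():
    """Open a file via one hard link, then try to recover the name from the inode."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: one inode reachable under two names.
        os.mkdir(os.path.join(root, "allowed"))
        os.mkdir(os.path.join(root, "denied"))
        original = os.path.join(root, "allowed", "data")
        alias = os.path.join(root, "denied", "data")
        with open(original, "w") as f:
            f.write("x")
        os.link(original, alias)  # second name for the same inode

        fd = os.open(alias, os.O_RDONLY)  # the request is made via the alias
        try:
            st = os.fstat(fd)  # inode-level view: identity and link count only
            candidates = names_for_inode(root, st.st_dev, st.st_ino)
        finally:
            os.close(fd)
        # A path-based policy needs the requested name; the inode gives a set.
        return st.st_nlink, candidates, os.path.relpath(alias, root)


if __name__ == "__main__":
    nlink, candidates, requested = demo()
    print("link count:", nlink)
    print("names reachable from the inode:", candidates)
    print("name actually requested:", requested)
```

Both names come back as equally valid candidates, so a policy keyed on the absolute path cannot be evaluated from the inode without also recording which name the caller supplied.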
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 19:00:19 PDT