Stephen Smalley wrote:

> It is certainly possible to reconstruct a pathname from an inode,
> but from your message below it sounds as though you want the
> particular pathname requested by the application. That sounds
> very similar to a request by the SGI folks. But I don't understand
> the rationale. Do you want to protect a file differently if it
> is accessed via one pathname than if it is accessed via a different
> pathname? That seems very prone to vulnerabilities. A concrete
> example, perhaps?

For an audit trail to be useful it needs to include both the pathname requested and a "real" pathname for the file. The requested pathname is not sufficient because of mount points, symlinks, moldy directories, pseudo filesystems, and links. The actual name is not sufficient because it may bear no resemblance to what the user tried to do, for the same reason.

System V/MLS put just the dev/inode in their audit records. All directory entry changes (creat, link, unlink, ...) had to be tracked. At mount time the entire filesystem namespace was recorded. This worked for 2MB file systems, but would not be recommended for multiple terabyte ones.

--
Casey Schaufler
Manager, Trust Technology, SGI
caseyat_private
voice: 650.933.1634
casey_pat_private
Pager: 888.220.0607
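The audit-record argument above, as an added example that is not part of the original message: a user-space sketch that reaches one file by three names and records the requested name, one resolved name, and the dev/inode pair for each access. The function names, record fields and file names are hypothetical and the file contents are constructed.

```python
import os
import tempfile


def audit_record(requested):
    """Build one audit entry for an access attempted via `requested`."""
    st = os.stat(requested)  # follows symlinks, as open() would
    return {
        "requested": requested,                    # what the user asked for
        "resolved": os.path.realpath(requested),   # one "real" name for it
        "object": (st.st_dev, st.st_ino),          # identity of the file itself
    }


def demo():
    """Create one file reachable by three names and audit each access."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "payroll.dat")    # constructed sample file
        with open(target, "w") as f:
            f.write("constructed sample data\n")
        hard = os.path.join(d, "notes.txt")
        os.link(target, hard)                      # second directory entry
        soft = os.path.join(d, "report")
        os.symlink("payroll.dat", soft)            # symlink to the same file
        return [audit_record(p) for p in (target, hard, soft)]


def group_by_object(records):
    """Correlate accesses by dev/inode, whatever name was used."""
    groups = {}
    for r in records:
        groups.setdefault(r["object"], []).append(r["requested"])
    return groups


if __name__ == "__main__":
    records = demo()
    for r in records:
        print(r)
    # The symlink resolves to payroll.dat, but the hard link resolves to
    # itself: only the dev/inode pair ties all three accesses together.
    print(group_by_object(records))
```

The hard link is the case where a resolved pathname alone misleads: `notes.txt` is already a "real" name, so nothing in the path connects it to `payroll.dat`.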
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 09:35:38 PDT