Re: Names vs. Inodes

• Previous message: James Morris: "[PATCH] net device hooks"
• In reply to: Crispin Cowan: "Re: Names vs. Inodes"
• Next in thread: Crispin Cowan: "Re: Names vs. Inodes"
• Reply: Crispin Cowan: "Re: Names vs. Inodes"
• Reply: Seth Arnold: "Re: Names vs. Inodes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 20 Jul 2001, Crispin Cowan wrote:

> To correct an (apparently common todya) misconception, SubDomain does not
> deny access to specified names.  SubDomain grants access to specified
> names, and denies access to everything else.  This is a subtle but
> important consideration with respect to the validity of denying access to a
> file based on its name, when in fact the file could be aliased under a
> different name with a hard link.

This would seem to me to be an excellent description of a "permissive"
policy.  Protection of the core file (restrictive) would be applied at 
the deepest (inode) level, but confined applications would be 
permitted *specific* accesses based on filename.

Perhaps this is only "permissive relative to LSM-sea-level", but is it not
permissive?  The difference is subtle, but add the fact that other
security modules MIGHT care about "unconfined" processes/programs,
rather then just lumping them into "trusted", it would seem a fine-but-- 
useful distinction.

Since there are "standard" security functions already in place in the
kernel, which COULD provide restrictive control that is widely understood, 
and a little "permissive tweaking" COULD allow "confined processes" to get
access they otherwise wouldn't have a prayer of getting, I see a need for
authoritative, if not permissive, tweaks to LSM as being inherent in this 
strategy.

Inquiringly,
J. Melvin Jones 


|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private 
|>------------------------------------------------------
||  Microcomputer Systems Consultant  
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------






_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Crispin Cowan: "Re: Names vs. Inodes"
• Previous message: James Morris: "[PATCH] net device hooks"
• In reply to: Crispin Cowan: "Re: Names vs. Inodes"
• Next in thread: Crispin Cowan: "Re: Names vs. Inodes"
• Reply: Crispin Cowan: "Re: Names vs. Inodes"
• Reply: Seth Arnold: "Re: Names vs. Inodes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 12:30:27 PDT