Re: Port of secure fd handling to LSM

From: Stephen Smalley (sdsat_private)
Date: Tue Aug 07 2001 - 05:32:49 PDT


    On Mon, 6 Aug 2001, richard offer wrote:
    
    > There is also a patch to add a new hook 
    > 
    >     static void dummy_binprm_flush (struct linux_binprm *bprm);
    > 
    > that is called from flush_old_exec().
    
    Do you really need this hook?  The original SELinux prototype
    did insert a call into flush_old_exec to revalidate access to
    open file descriptors, but in our LSM-based prototype, we found that we
    could just as easily implement the same processing in the 
    compute_creds hook.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    
    
    


