Re: Port of secure fd handling to LSM

From: Stephen Smalley (sdsat_private)
Date: Tue Aug 07 2001 - 05:32:49 PDT

    On Mon, 6 Aug 2001, richard offer wrote:
    > There is also a patch to add a new hook
    >     static void dummy_binprm_flush (struct linux_binprm *bprm);
    > that is called from flush_old_exec().

    Do you really need this hook?  The original SELinux prototype
    did insert a call into flush_old_exec to revalidate access to
    open file descriptors, but in our LSM-based prototype, we found that we
    could just as easily implement the same processing in the
    compute_creds hook.

    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list