Greg KH wrote:
>Ah, but Stephan's program should first validate that the kernel is
>running SELinux by some other method than the syscall [...]

Are there race conditions here? What if someone does a
'rmmod selinux; insmod subdomain' between the time when you check
for the presence of SELinux and use the syscall?

It might be that an advantage of having the invoker of the syscall
explicitly specify which module they expect to be handling this is
that it rules out attacks like this where you might get unexpected
(and hence undesired) behavior.
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 17:52:56 PDT
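The check-then-use window raised in the message above, as an added user-space model that is not part of the original post or of any kernel code: a dispatcher that takes no module id is compared with one where the caller names the module it expects. The module ids, handler functions and return values are constructed for illustration, and the module swap is simulated sequentially inside the window.

```c
#include <stdio.h>
#include <errno.h>
/* Simulated registry: one security module is active at a time (ids constructed). */
enum { MOD_SELINUX = 1, MOD_SUBDOMAIN = 2 };
struct sec_module {
    int id;
    long (*handler)(int call, long arg);
};
/* Hypothetical handlers: same call number, different meaning per module. */
static long selinux_handler(int call, long arg)   { (void)call; return arg + 100; }
static long subdomain_handler(int call, long arg) { (void)call; return -arg; }
static struct sec_module selinux   = { MOD_SELINUX,   selinux_handler };
static struct sec_module subdomain = { MOD_SUBDOMAIN, subdomain_handler };
static struct sec_module *active;          /* replaced by rmmod/insmod */

static void load_module(struct sec_module *m) { active = m; }

/* Variant A: no module id; whichever module is loaded interprets the call. */
static long security_call(int call, long arg)
{
    return active ? active->handler(call, arg) : -ENOSYS;
}

/* Variant B: caller names the module; a mismatch is rejected at dispatch. */
static long security_call_id(int expect_id, int call, long arg)
{
    struct sec_module *m = active;         /* one read: check and use agree */
    if (!m) return -ENOSYS;
    if (m->id != expect_id) return -EINVAL;
    return m->handler(call, arg);
}

/* Caller checks for SELinux first; the module is replaced before the call. */
static long racy_caller(int use_id)
{
    load_module(&selinux);
    if (!active || active->id != MOD_SELINUX)  /* separate presence check */
        return -ENOSYS;
    load_module(&subdomain);                   /* swap inside the window */
    return use_id ? security_call_id(MOD_SELINUX, 1, 7)
                  : security_call(1, 7);
}

int main(void)
{
    printf("no id:   %ld\n", racy_caller(0)); /* answered by the wrong module */
    printf("with id: %ld\n", racy_caller(1)); /* rejected with -EINVAL */
    return 0;
}
```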