richard offer wrote:

>path_walk is "transient", it doesn't affect any subsequent decisions. chdir
>affects all subsequent (relative) file accesses.

You mean, you're keeping shadow state about what directory the application is in? Isn't this really dangerous? If your shadow state ever becomes inconsistent with the kernel's state, your policy decision will be incorrect, and you can end up with serious security holes.

From my point of view, one of the great advantages of LSM is that it gives us interfaces into the kernel that avoid the need to try to track what the kernel is doing, emulate its idiosyncrasies, and keep shadow state.

What is it you really want to do, and how can we improve LSM to enable what you want to do in a safer way?

>I know, and if I could think cleverer I would, the real problem is the
>overloading of the flags given to permission()

Interesting observation. Some of these can be resolved unambiguously (e.g., MAY_EXEC on a directory vs. on a file), but I'm not sure that all can, and I can imagine that some others might be more important in some cases (e.g., create vs. delete). Good point.
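The shadow-state concern raised in the reply above, as an added example that is not part of the original thread: a user-space C sketch (not LSM code) in which a path recorded at chdir() time goes stale after a rename() that involves no chdir at all. The function name `shadow_cwd_diverges` and the scratch directory names are hypothetical and constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical demo helper (not LSM code). Returns 1 if a path recorded at
 * chdir() time no longer matches the kernel's cwd after a rename, 0 if the
 * two still agree, -1 on setup failure. */
int shadow_cwd_diverges(void)
{
    char base[] = "/tmp/shadowcwdXXXXXX";  /* constructed scratch directory */
    char oldp[PATH_MAX], newp[PATH_MAX], shadow[PATH_MAX], real[PATH_MAX];
    struct stat st;
    int diverged;

    if (!mkdtemp(base)) return -1;
    snprintf(oldp, sizeof oldp, "%s/allowed", base);
    snprintf(newp, sizeof newp, "%s/moved", base);
    if (mkdir(oldp, 0700) != 0) return -1;

    /* The monitor observes chdir() and stores the resulting path string. */
    if (chdir(oldp) != 0 || !getcwd(shadow, sizeof shadow)) return -1;

    /* No chdir() happens here, so the shadow copy is never updated, but the
     * directory the process sits in now has a different name. */
    if (rename(oldp, newp) != 0) return -1;

    /* The kernel tracks the directory object, not the string. */
    if (!getcwd(real, sizeof real)) return -1;

    /* Diverged: the strings differ and the shadow path no longer resolves,
     * while relative accesses by the process still succeed. */
    diverged = strcmp(shadow, real) != 0 && stat(shadow, &st) != 0
               && stat(".", &st) == 0;

    if (chdir("/") != 0) return -1;
    rmdir(newp);
    rmdir(base);
    return diverged;
}

int main(void)
{
    printf("shadow cwd diverged from kernel cwd: %d\n", shadow_cwd_diverges());
    return 0;
}
```

A policy decision keyed on the recorded string would be evaluating a path that no longer exists, which is the inconsistency the reply warns about.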
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 17:41:59 PDT