* frm dawat_private "09/26/01 00:24:46 +0000" | sed '1,$s/^/* /' * * richard offer wrote: *> path_walk is "transient", it doesn't affect any subsequent decisions. *> chdir affects all subsequent (relative) file accesses. * * You mean, you're keeping shadow state about what directory the application * is in? Isn't this really dangerous? If your shadow state ever becomes * inconsistent with the kernel's state, your policy decision will be * incorrect, and you can end up with serious security holes. * * From my point of view, one of the great advantages of LSM is that it gives * us interfaces into the kernel that avoid the need to try to track what * the kernel is doing, emulate its idiosyncracies, and keep shadow state. * What is it you really want to do, and how can we improve LSM to enable * what you want to do in a safer way? I don't want to keep shadow state to emulate what the kernel is doing, I just want to record the directory/file that has been passed to sys_chdir() for audit. Without adding a bunch of new hooks (which is what we initally proposed) we're limited to (effectively) multiplexing a lot through permission() (and a bunch of other "super hooks", ie setattr() ) richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 18:02:41 PDT