Valdis.Kletnieksat_private wrote:

>On Wed, 26 Sep 2001 16:00:03 PDT, richard offer <offerat_private> said:
>
>>Not to get defensive, but I didn't say anything about adding code for
>>audit, I just wanted to see if anyone had worked around the same issue and
>>if so, what subtle logic was I missing.
>>
>I obviously mis-read it the first time - *I* thought you were commenting
>that the hook wasn't given enough information to know if we were dealing
>with a chdir/getwd(), or if we were walking a filename preparatory to
>actually open()ing it or something. I couldn't think of a security
>policy that would say "I'll let you walk path A/B/C for *this* but
>not for *that*", but one could exist I suppose?
>

How about a policy that lets you execute commands in /usr/private/bin but
does not let you chdir to it, lest you do something naughty with "."?

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
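
The policy suggested in the reply above, modelled in user space as an added example (not code from this thread or from the LSM project): the enum, struct and function names are hypothetical, and paths are assumed to be already canonical. It shows that a check told only the path has to deny the exec as well, while a check told the operation can permit exec and deny chdir.

```c
#include <string.h>

/* Hypothetical operation kinds a path-walk hook could be told about. */
enum walk_op { WALK_EXEC, WALK_CHDIR, WALK_OPEN };

/* Hypothetical rule: operations permitted on objects under a directory. */
struct dir_rule {
    const char *dir;   /* directory prefix, no trailing slash */
    unsigned allowed;  /* bitmask of (1u << walk_op) */
};

/* Constructed policy: the directory named in the message above, exec only. */
static const struct dir_rule rules[] = {
    { "/usr/private/bin", 1u << WALK_EXEC },
};

/* True if path is dir itself or lies beneath it (match on a component boundary). */
static int under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Operation-aware decision: 1 = permit, 0 = deny. Paths with no rule are permitted. */
int policy_permits(const char *path, enum walk_op op)
{
    size_t i;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (under_dir(path, rules[i].dir))
            return (int)((rules[i].allowed >> op) & 1u);
    return 1;
}

/* Path-only decision: all that a hook not told the operation can compute.
 * It may permit the walk only if every operation would be permitted. */
int policy_permits_path_only(const char *path)
{
    return policy_permits(path, WALK_EXEC) &&
           policy_permits(path, WALK_CHDIR) &&
           policy_permits(path, WALK_OPEN);
}

int main(void)
{
    /* Exit status 0 when exec is permitted and chdir is denied. */
    return !(policy_permits("/usr/private/bin/tool", WALK_EXEC) &&
             !policy_permits("/usr/private/bin", WALK_CHDIR));
}
```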
This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 18:52:36 PDT