David Wagner wrote:

>I probably didn't understand well enough what the goal is and how the
>above race condition could violate the goal.

an LSM module. It has to do with trying to make RaceGuard (our kernel enhancement to prevent file system race attacks, USENIX Security '01).

> Is the goal to log all
>writes to an executable file? If so, isn't this ... gasp ... audit?
>(expressions of horror all around, I'm sure)

No, it's not audit :-) It's an access control scheme where you don't get to create executables without signing them with a public/private key pair.

>If there is a race condition in existing hooks, I'm wondering whether

The race condition is between exec'ing a file and writing to the file, not in the LSM hooks.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 22:26:28 PDT