Re: get_write_access hook

From: Greg KH (gregat_private)
Date: Tue Oct 02 2001 - 08:37:17 PDT

    On Mon, Oct 01, 2001 at 10:25:18PM -0700, Crispin Cowan wrote:
    > an LSM module. It has to do with trying to make RaceGuard (our kernel 
    > enhancement to prevent file system race attacks, USENIX Security '01).
    > 
    > > Is the goal to log all
    > >writes to an executable file?  If so, isn't this ... gasp ... audit?
    > >(expressions of horror all around, I'm sure)
    > >
    > No, it's not audit :-)  It's an access control scheme where you don't get 
    > to create executables without signing them with a public/private key pair.
    
    Wait, do you need this hook for RaceGuard or CryptoMark?  I'm confused.
    
    > The race condition is between exec'ing a file and writing to the file, 
    > not in the LSM hooks.
    
    The race condition you are talking about is the "standard" temp file
    race, right?  Not any current kernel programming race?
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 08:44:25 PDT