jmjonesat_private wrote:

>Wouldn't it be useful for a userspace application that is
>setuid root to be able to bypass the module's checks.
>Isn't setuid ROOT generally assumed to be a "non-restricted"
>condition?
>
>How does the new paradigm change that, specifically, and
>why SHOULD it do that?
>

That is a policy that each module can determine. "setuid root" is an attribute of a file. "uid" and "euid" are attributes of processes. The module looks at the requestor (the process) and its attributes, and the object (file, network, whatever) and its attributes, and decides to grant or deny. Your module can do whatever it wants with that information.

Meta-comment: no, I don't think this is a very good idea. Most of the LSM projects that I understand go out of their way to NOT allow root (especially setuid root) to bypass the mandatory security policies that they are at such pains to put in place.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

The Olympic Games: A Century of Corruption and Graft

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
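The distinction drawn in the message above, as an added userspace sketch (not part of the original message and not code from any LSM project): the setuid bit is read from the file, uid/euid from the process, and a mandatory check that never consults euid gives a setuid-root process no bypass. The struct names, the "domain"/"label" fields and the matching rule are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Requestor: process attributes. "domain" is a hypothetical policy label. */
struct subject { uid_t uid, euid; const char *domain; };
/* Object: file attributes. "label" is a hypothetical policy label. */
struct object { uid_t owner; mode_t mode; const char *label; };

/* "setuid root" describes the file: S_ISUID bit set and owner is uid 0. */
bool file_is_setuid_root(const struct object *o) {
    return (o->mode & S_ISUID) != 0 && o->owner == 0;
}

/* exec of a setuid file changes the process: euid becomes the file owner,
 * uid stays. Assumption of this sketch: exec does not change the domain. */
struct subject exec_image(struct subject s, const struct object *image) {
    if (image->mode & S_ISUID) s.euid = image->owner;
    return s;
}

/* Simplified DAC write check (no groups) with the traditional root override. */
bool dac_may_write(const struct subject *s, const struct object *o) {
    if (s->euid == 0) return true;
    if (s->euid == o->owner) return (o->mode & S_IWUSR) != 0;
    return (o->mode & S_IWOTH) != 0;
}

/* Hypothetical mandatory rule: the process domain must match the object
 * label. euid is never consulted, so euid 0 gets no exemption. */
bool mac_may_write(const struct subject *s, const struct object *o) {
    return strcmp(s->domain, o->label) == 0;
}

/* Grant only when both the discretionary and the mandatory check agree. */
bool may_write(const struct subject *s, const struct object *o) {
    return dac_may_write(s, o) && mac_may_write(s, o);
}

int main(void) {
    /* Constructed sample objects and process, not taken from a real system. */
    struct object su = {0, S_ISUID | 0755, "system"};
    struct object secrets = {0, 0600, "auth_data"};
    struct subject user = {1000, 1000, "user_app"};
    struct subject p = exec_image(user, &su);
    printf("uid=%u euid=%u dac=%d mac=%d final=%d\n", (unsigned)p.uid,
           (unsigned)p.euid, dac_may_write(&p, &secrets),
           mac_may_write(&p, &secrets), may_write(&p, &secrets));
    return 0;
}
```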
This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 12:59:18 PST