>> MMAP_SHARED obviously changes this -- but to me the new aspects are shared >> memory semantics, and the existing protection is the same as that for normal >> shared memory. > > Shared mappings are the point. If you want to revoke access to an already > mapped file, then you also need to deal with any shared mappings, and > hooking filemap_nopage doesn't solve that problem. Yes you're right -- the hook would have to be in handle_pte_fault or establish_pte. >> Agreed. But I do think that the permission hooks in sys_read/sys_write are >> useless without an equivalent hook in the page fault. > > They are insufficient for fully supporting revocation. However, there are > other ways to implement revocation than revalidating access on each > read/write call or on each page fault. So perhaps you should be arguing > for the removal of the file_security_ops permission hook calls entirely. That was the implication I was trying to make. Sorry I should be more explicit. I think that the sys_read/write hooks and the page fault hook are useless without each other -- we should have both hooks or neither. Opinions? Antony _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 14:06:37 PST