On Tue, 5 Feb 2002, Crispin Cowan wrote: > * I mediate open, so that only the privileged parts of my process > can open the sensitive files. > * I do *not* believe that I can control the spread of file > descriptors within a process, so I need to mediate access by > mediating read/write. Just a query: suppose a process passes a file descriptor via IPC to another point in the same process? I agree you cannot (only in my estimation) control this situation, without imposing certain requirements on the application. Do we need read/write moderation? I think we do. Are all cases covered? Sincerely, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 11:03:24 PST