Re: question about bprm_ops->alloc_security(&bprm)

From: Stephen Smalley (sdsat_private)
Date: Wed Feb 13 2002 - 06:55:34 PST


    On Tue, 12 Feb 2002, Huagang Xie wrote:
    
    > Another question, about readdir: LIDS has a feature to hide a file/dir.
    > The way it does this is that when the kernel gets the dir entry, it calls
    > filldir() in fs/readdir.c to generate a file list. LIDS hooks into this
    > function and does a check there. I wonder if LSM can also provide a hook in
    > this function, or in another function that can achieve the same result.
    
    I'm not sure that this falls within the scope of LSM, which is focused on
    access control.  I'm also not sure how useful such filtering is.  You
    would still need to control attempted accesses to the file using the other
    LSM inode hooks, and a process could probe for the existence of the file
    by trying to create a file with the same name.  If you want to hide the
    filename, put it in a directory that can't be read.
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
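
An added illustration of the point made in the reply above (not code from LIDS, LSM or either poster): a userspace C simulation in which a listing filter, standing in for a check in filldir(), omits an entry while an exclusive create on the same name still fails with EEXIST. The file name, scratch directory and function names are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define HIDDEN "hidden.conf"   /* constructed sample name */

/* Stand-in for a filldir()-style filter: 1 if `name` is listed, 0 if not, -1 on error. */
static int filtered_listing_has(const char *dir, const char *name)
{
    DIR *d = opendir(dir);
    struct dirent *e; int found = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, HIDDEN) == 0) continue;  /* entry hidden */
        if (strcmp(e->d_name, name) == 0) found = 1;
    }
    closedir(d);
    return found;
}

/* Exclusive create: 1 if the name exists (EEXIST), 0 if not, -1 on other errors. */
static int create_reports_exists(const char *dir, const char *name)
{
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); unlink(path); return 0; }  /* remove scratch file */
    return errno == EEXIST ? 1 : -1;
}

/* Returns 1 when the listing omits HIDDEN yet an exclusive create reports it. */
static int demo(void)
{
    char dir[] = "/tmp/readdir-hide-XXXXXX", path[512];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/%s", dir, HIDDEN);
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) close(fd);
    int listed = filtered_listing_has(dir, HIDDEN);
    int probed = create_reports_exists(dir, HIDDEN);
    int absent = create_reports_exists(dir, "no-such-file");  /* control case */
    unlink(path); rmdir(dir);
    return listed == 0 && probed == 1 && absent == 0;
}
int main(void) { printf("hidden yet detectable: %d\n", demo()); return 0; }
```

The create path is a separate operation from the directory read, so a filter on the listing alone leaves the name observable unless creation in that directory is also mediated.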
    