Hi, Here is the patch for the the new hook needed for LIDS..it is named as security_ops->bprm_ops->check_security(&bprm); you can check the patch diff-lsm-new-hook for detail.. The second one is LIDS for LSM base on 2.5.2, it add new entry in security/Makefine , Makefile.in, Config.in. and a new dir under security named lids. It is patch to lsm-full-2002_01_15-2.5.2.patch with 2.5.2. to use it, patch the lsm-full-2002_01_15-2.5.2.patch first, and then this diff file. The lidstoos do not provided here, it is the same as LIDS 2.4.x and 2.5.x. any question, please let me know, Thanks, Huagang On Wed, 13 Feb 2002, Stephen Smalley wrote: > > On Tue, 12 Feb 2002, Huagang Xie wrote: > > > And other question for readdir..LIDS has a feature to hide a file/dir, > > the way to do it is when fill kernel get the dir entry, it call > > filldir() in fs/readdir.c to generate a file-list. LIDS hook in this > > function and do a check there..I wonder if LSM can also provide a hook in > > this function or other function that can archie the same result. > > I'm not sure that this falls within the scope of LSM, which is focused on > access control. I'm also not sure how useful such filtering is. You > would still need to control attempted accesses to the file using the other > LSM inode hooks, and a process could probe for the existence of the file > by trying to create a file with the same name. If you want to hide the > filename, put it in a directory that can't be read. > > -- > Stephen D. Smalley, NAI Labs > ssmalleyat_private > > > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module > -- LIDS secure linux kernel http://www.lids.org/ 1024D/B6EFB028 4731 2BF7 7735 4DBD 3771 4E24 B53B B60A B6EF B028
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 18:03:07 PST