Re: RFC: sys_execve security kernel mod

• Previous message: Jesse Pollard: "Re: RFC: sys_execve security kernel mod"
• In reply to: Jesse Pollard: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: Chris Wright: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 21, 2002 at 08:13:18AM -0500, Jesse Pollard wrote:
> 
> Of course mtime can be faked - just look at touch - it modifies access time
> (-a) and mtime (-m) dates associated with the file. The only way to stop that
> would be to put a cookie into the inode that gets cleared on any write to the
> file data blocks and where ctime or mtime fields in the inode are modified.

That's a good idea.

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: RFC: sys_execve security kernel mod"
• Previous message: Jesse Pollard: "Re: RFC: sys_execve security kernel mod"
• In reply to: Jesse Pollard: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: Chris Wright: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 09:29:37 PDT