Re: RFC: sys_execve security kernel mod

From: Chris Wright (chrisat_private)
Date: Fri Jun 21 2002 - 15:41:29 PDT

  • Next message: Stephen Smalley: "Re: Module Identifier"

    * J. Paul Reed (preedat_private) wrote:
    > On Fri, 21 Jun 2002, Chris Wright wrote:
    > > ctime can be modified from userspace.  the same touch(1) attack using
    > > sys_utime(2) will update both mtime and ctime.
    > Yeah, but as I remember it, ctime logs inode changes... so they can change
    > the ctime from userspace with touch all the want, but the kernel will
    > always update the ctime to the current (inode change) time when the
    > operation is complete.
    Yes.  I was thinking of the DoS potential when ctimes don't match, but
    the md5sum hasn't really changed.  Sorry for the confusion.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 15:41:24 PDT