Re: RFC: sys_execve security kernel mod

• Previous message: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• In reply to: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* J. Paul Reed (preedat_private) wrote:
> On Fri, 21 Jun 2002, Chris Wright wrote:
> 
> > ctime can be modified from userspace.  the same touch(1) attack using
> > sys_utime(2) will update both mtime and ctime.
> 
> Yeah, but as I remember it, ctime logs inode changes... so they can change
> the ctime from userspace with touch all the want, but the kernel will
> always update the ctime to the current (inode change) time when the
> operation is complete.

Yes.  I was thinking of the DoS potential when ctimes don't match, but
the md5sum hasn't really changed.  Sorry for the confusion.

cheers,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: Module Identifier"
• Previous message: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• In reply to: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 15:41:24 PDT