Re: c2 (or c2-like) auditing for Linux

From: Stephen D. Smalley (sdsat_private)
Date: Thu Jan 30 2003 - 11:58:34 PST

  • Next message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"

    > In order to get any of those messages you will have had to access
    > the object to determine that it's a directory. The access check
    > will have been done (it had better!) before you go looking around
    > in the object.
    Sorry, no.  Type checking often occurs before any kind of permission
    check to the object, whether we are talking about DAC or the LSM hook call.
    Stephen Smalley, NSA
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 11:52:18 PST