Re: c2 (or c2-like) auditing for Linux

From: Chris Wright (chrisat_private)
Date: Thu Jan 30 2003 - 14:24:15 PST

  • Next message: James Morris: "[PATCH] LSM networking: introduction (0/8)"

    * Stephen D. Smalley (sdsat_private) wrote:
    > > In order to get any of those messages you will have had to access
    > > the object to determine that it's a directory. The access check
    > > will have been done (it had better!) before you go looking around
    > > in the object.
    > Sorry, no.  Type checking often occurs before any kind of permission
    > check to the object, whether we are talking about DAC or the LSM hook call.
    This is the crux of the difficulty of a standards compliant audit within
    the kernel.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 14:26:38 PST