Re: c2 (or c2-like) auditing for Linux

• Previous message: Stephen D. Smalley: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Stephen D. Smalley: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Casey Schaufler: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen D. Smalley (sdsat_private) wrote:
> 
> > In order to get any of those messages you will have had to access
> > the object to determine that it's a directory. The access check
> > will have been done (it had better!) before you go looking around
> > in the object.
> 
> Sorry, no.  Type checking often occurs before any kind of permission
> check to the object, whether we are talking about DAC or the LSM hook call.

This is the crux of the difficulty of a standards compliant audit within
the kernel.
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: James Morris: "[PATCH] LSM networking: introduction (0/8)"
• Previous message: Stephen D. Smalley: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Stephen D. Smalley: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Casey Schaufler: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 14:26:38 PST