Re: c2 (or c2-like) auditing for Linux

From: Chris Wright (chrisat_private)
Date: Thu Jan 30 2003 - 14:24:15 PST

  • Next message: James Morris: "[PATCH] LSM networking: introduction (0/8)"

    * Stephen D. Smalley (sdsat_private) wrote:
    > 
    > > In order to get any of those messages you will have had to access
    > > the object to determine that it's a directory. The access check
    > > will have been done (it had better!) before you go looking around
    > > in the object.
    > 
    > Sorry, no.  Type checking often occurs before any kind of permission
    > check to the object, whether we are talking about DAC or the LSM hook call.
    
    This is the crux of the difficulty of a standards compliant audit within
    the kernel.
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 14:26:38 PST