On Fri, 31 Jan 2003 01:10, Casey Schaufler wrote:
> > > In order to get any of those messages you will have had to access
> > > the object to determine that it's a directory. The access check
> > > will have been done (it had better!) before you go looking around
> > > in the object.
> >
> > Sorry, no. Type checking often occurs before any kind of permission
> > check to the object, whether we are talking about DAC or the LSM hook
> > call.
>
> And in a DAC only world that's understandable because you're
> allowed to look at the attributes even if the file mode is 000.
> In a MAC world, however, you won't be permitted to look at
> the attributes that tell you it's a directory if you're not
> cleared to read the file. This is the way that all LSPP systems
> work today.

With the way that SE Linux works you can't stop readdir() from showing the
name of a file or directory if the parent directory is readable. Does this
come from SE Linux or LSM?

Isn't the name of a directory entry more important than the type of object
it is?

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
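To make the DAC behaviour discussed above concrete, here is an added C example (not code from the thread, nor from the LSM or SE Linux sources): it creates a constructed mode-000 file in a scratch directory under /tmp and records that readdir() on the readable parent still names the entry and stat() still reports its type, while only the final open() of the file itself is refused. The struct and function names (dac_probe, dac_probe_run) are the example's own.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* What a caller learns about a mode-000 file via its readable parent dir. */
struct dac_probe {
    int listed_by_readdir;  /* readdir() on the parent returned the name */
    int stat_succeeded;     /* stat() on the entry returned 0 */
    int is_regular_file;    /* S_ISREG(st_mode): type visible without read access */
    int open_errno;         /* errno from open(O_RDONLY); 0 if it succeeded */
};

/* Build a constructed scratch directory under /tmp holding one mode-000 file,
 * probe it as described in the thread, and clean up.  Returns 0, or -1 if
 * setup failed. */
int dac_probe_run(struct dac_probe *out)
{
    char dir[] = "/tmp/dacprobe.XXXXXX", path[256];
    struct dirent *e; struct stat st; DIR *d; int fd;

    memset(out, 0, sizeof(*out));
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/secret", dir);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0000); /* creating open ignores the 000 mode */
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    if ((d = opendir(dir)) != NULL) {      /* needs only r+x on the parent */
        while ((e = readdir(d)) != NULL)
            if (strcmp(e->d_name, "secret") == 0)
                out->listed_by_readdir = 1;
        closedir(d);
    }
    if (stat(path, &st) == 0) {            /* needs only x on the parent */
        out->stat_succeeded = 1;
        out->is_regular_file = S_ISREG(st.st_mode);
    }
    fd = open(path, O_RDONLY);             /* only now is the file's own mode checked */
    out->open_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return 0;
}
```

Run as an unprivileged user: root holds CAP_DAC_OVERRIDE and will open the file regardless, which is exactly the kind of DAC escape a MAC policy is meant to close.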
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 17:32:25 PST