Re: c2 (or c2-like) auditing for Linux

From: Crispin Cowan (crispinat_private)
Date: Thu Jan 30 2003 - 19:06:17 PST

    Casey Schaufler wrote:
    
    >And in a DAC only world that's understandable because you're
    >allowed to look at the attributes even if the file mode is 000.
    >In a MAC world, however, you won't be permitted to look at
    >the attributes that tell you it's a directory if you're not
    >cleared to read the file. This is the way that all LSPP systems
    >work today.
    >
    See David Miller's response to the networking hooks, and imagine trying 
    to convince him of the merit of putting security checks ahead of error 
    checking :-)
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    			    Just say ".Nyet"
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 19:07:30 PST