* Russell Coker (russellat_private) wrote:
> On Fri, 31 Jan 2003 01:10, Casey Schaufler wrote:
> > And in a DAC only world that's understandable because you're
> > allowed to look at the attributes even if the file mode is 000.
> > In a MAC world, however, you won't be permitted to look at
> > the attributes that tell you it's a directory if you're not
> > cleared to read the file. This is the way that all LSPP systems
> > work today.
>
> With the way that SE Linux works you can't stop readdir() from showing the
> name of a file or directory if the parent directory is readable. Does this
> come from SE Linux or LSM?

LSM only checks on read for a dir during readdir/getdents. Of course, if
you later try and open, stat, or otherwise use the name to access the
inode, you will have to pass more checks.

> Isn't the name of a directory entry more important than the type of object it
> is?

Could be, just depends. If the name is well-known, probing techniques
that let you know can be problematic. But if it's called
joes_pink_slip.txt, just knowing the filename could be an information
leak ;-)

LSM does not try to close covert channels.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:49:40 PST