[added Cc: to lsm list. please use the list, this is exactly what it's for]

* Koichi ONOUE (koichiat_private) wrote:
> I think that LSM-hook can defense attack using race condition,
> but system-call based hook in kernel can also defense it.
> If there is attack that LSM-hook can defense, but
> system-call based hook in kernel cannot defense, please tell me,
> if possible using concrete example.

This is covered in the LSM USENIX Security paper
<http://lsm.immunix.org/docs/lsm-usenix-2002/lsm.pdf> with citations to
earlier work. See <http://www.cs.utah.edu/flux/papers/micro/node5.html>
for some more details.

Consider the race:

    user space makes syscall
        syscall hook
            lookup data <-------
            authorize access    |
                                | duplicate lookup is not atomic
        real syscall invoked    |
            lookup data <-------
            access object

The data is looked up twice in a non-atomic way. System state can change
between the two lookups, so it is possible to authorize access to an object
that will not be used when the real syscall happens.

-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
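
Added example, not part of the original message: a user-space model of the diagram above, comparing a check done on a separate lookup with a check done on the object the call itself resolved. The names wrapper_open, object_open and swap, and the (st_dev, st_ino) allow-list policy, are assumptions made for the illustration; the files are constructed in a temporary directory.

```python
import os, shutil, tempfile

def wrapper_open(path, allowed, race=None):
    """Syscall-hook style: the hook looks the name up, then the real call does again."""
    st = os.stat(path)                       # lookup 1: hook resolves the name
    if (st.st_dev, st.st_ino) not in allowed:
        raise PermissionError(path)          # authorize access
    if race:
        race()                               # system state changes between lookups
    return os.open(path, os.O_RDONLY)        # lookup 2: real syscall resolves again

def object_open(path, allowed, race=None):
    """LSM-hook style: one lookup, authorization on the object it produced."""
    if race:
        race()                               # same state change, before the lookup
    fd = os.open(path, os.O_RDONLY)          # the only lookup
    st = os.fstat(fd)                        # identity of the object actually opened
    if (st.st_dev, st.st_ino) not in allowed:
        os.close(fd)
        raise PermissionError(path)
    return fd

def demo():
    d = tempfile.mkdtemp()
    try:
        public, secret, link = (os.path.join(d, n) for n in ("public", "secret", "link"))
        for p, data in ((public, b"public"), (secret, b"secret")):
            with open(p, "wb") as f:
                f.write(data)
        os.symlink(public, link)
        st = os.stat(public)
        allowed = {(st.st_dev, st.st_ino)}   # policy: only `public` may be opened
        def swap():                          # constructed stand-in for a concurrent rename
            os.remove(link)
            os.symlink(secret, link)
        fd = wrapper_open(link, allowed, race=swap)
        got = os.read(fd, 16)                # object reached after authorization
        os.close(fd)
        os.remove(link)
        os.symlink(public, link)             # reset the name for the second run
        try:
            os.close(object_open(link, allowed, race=swap))
            denied = False
        except PermissionError:
            denied = True
        return got, denied
    finally:
        shutil.rmtree(d)
```

demo() returns the bytes the double-lookup path ended up reading and whether the single-lookup path refused the same request.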
This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 00:55:14 PST