* Koichi ONOUE (koichiat_private) wrote: > > Consider the race: > > > > user space makes syscall > > > > syscall hook > > lookup data <------- > > authorize access | > > | duplicate lookup is not atomic > > real syscall invoked | > > lookup data <------- > > access object > > > > The data is looked twice in a non-atomic way. System state can change > > between two lookups, so it is possible to authorize access to object > > that will not be used when the real syscall happens. > > > > If LSM hook, following access step is OK ? yes. > case :LSM hook > > syscall invoked > try to access object in kernel yes, this is both looking up the object and perhaps some normal UNIX permission checks. > LSM hook > authorize acess these are essentially the same step in the LSM architecture. > access object thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 19:31:10 PST