Re: Howto read a file off disk?

From: Omen Wild (Omen.Wildat_private)
Date: Wed Jul 16 2003 - 19:41:02 PDT


    Quoting Valdis.Kletnieksat_private <Valdis.Kletnieksat_private> on Wed, Jul 16 17:27:
    >
    > Of course, a sane policy would make sure that all the directories involved
    > were immutable in some fashion, preventing symlink races and the like,
    > so it's probably NOT a real issue (if you're worried about security, you
    > shouldn't be allowing binaries to be run from /tmp, no matter HOW valid
    > they look. ;)
    
    For now we're happy to leave that to another security module.  We'd
    just like to be able to ensure the contents of certain files are what
    they're supposed to be.
    
    Quoting Valdis.Kletnieksat_private <Valdis.Kletnieksat_private> on Wed, Jul 16 22:19:
    > 
    > (Having said that, I still think a userspace callback is probably a better idea
    > unless you *really* know what you're doing. ;)
    
    I'm certainly a complete newbie when it comes to kernel hacking.  I
    /thought/ the easiest way to accomplish this would be to check the
    files as they are opened.  If the kernel calls out to user-space when a
    file is open to get a pass/fail response, then user-space is going to
    open the file to checksum it, which is going to cause a recursive loop.
    I'm sure there are safe ways to solve that, but I'll have to think
    about it.
    
    Doing it in kernel has the advantages that everything you need to trust
    to do the checking is self-contained.  If there is a user-space daemon
    running, then that needs to be integrity checked before it can be used,
    thus the kernel needs to do the checking, and if it can check that
    file, it should be able to check all files.
    
    I'll take a look at the way usb does the callouts, maybe that'll give
    me some ideas.
    
    Question: would a kernel thread work for something like this?  It would
    be self-contained within the kernel, so if the kernel is verified to be
    the correct one, then the thread would be protected against tampering.
    Can kernel threads open files on their own behalf?
    
    Thanks,
       Omen
    
    -- 
    Undetectable errors are infinite; detectable
    errors by definition are finite.
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module


