On Thursday 24 July 2003 14:52, Omen Wild wrote:
> Quoting Chris Wright <chrisat_private> on Thu, Jul 24 10:56:
> > The short answer is, you can't. There is nothing that guarantees a
> > single canonical path to an inode. Think hard links, multiple mount
> > points, and bind mounts.
>
> Hmmm, maybe I'm approaching all of this from the wrong hook then.
> Maybe file_permission is what I want.
>
> So, new questions. If file_permission gets called for every read/write
> call, is there an easy way to detect the very first call?
>
> If I tap file_permission will that cover all ways for a
> file/program/library to get loaded or executed?
>
> I guess the hook I really want is a file_open hook, but that seems to
> be inode_permission, which does not seem to be the hook I want. Ack,
> I'm confused.

Why bother using the filename anyway? When you build the list, store the hash
indexed by the device/inode (or have one file per mounted device). The inode
becomes equivalent to the name, but with the added fact that it is unique.
This also allows the user/administrator to rename the file without having to
recompute the hash.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
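The device/inode indexing suggested in the reply above, as an added user-space example that is not part of the original message and is not LSM hook code. The function names `identify`, `build_list`, `check` and `demo` are hypothetical, the file contents are constructed, and the example goes slightly beyond the message by also showing the hard-link and file-replacement cases.

```python
import hashlib
import os
import tempfile

def identify(path):
    """Return ((st_dev, st_ino), sha256 hex), both read from one open descriptor
    so the key and the hash always describe the same file object."""
    with open(path, "rb") as f:
        st = os.fstat(f.fileno())
        h = hashlib.sha256()
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return (st.st_dev, st.st_ino), h.hexdigest()

def build_list(paths):
    """Hash list indexed by device/inode instead of by filename."""
    return dict(identify(p) for p in paths)

def check(path, known):
    """'ok' if the inode is listed and the hash matches, 'modified' if the
    inode is listed but the contents differ, 'unknown' if it is not listed."""
    key, digest = identify(path)
    if key not in known:
        return "unknown"
    return "ok" if known[key] == digest else "modified"

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        orig = os.path.join(d, "tool")
        with open(orig, "wb") as f:
            f.write(b"constructed sample contents\n")
        known = build_list([orig])

        renamed = os.path.join(d, "tool.renamed")
        os.rename(orig, renamed)             # rename keeps the inode
        results["renamed"] = check(renamed, known)

        alias = os.path.join(d, "alias")
        os.link(renamed, alias)              # second name, same inode
        results["hardlink"] = check(alias, known)

        with open(alias, "ab") as f:         # in-place change via either name
            f.write(b"tampered\n")
        results["appended"] = check(renamed, known)

        new = os.path.join(d, "new")
        with open(new, "wb") as f:
            f.write(b"replacement\n")
        os.replace(new, renamed)             # new inode under the old name
        results["replaced"] = check(renamed, known)
    return results
```

A file replaced by rename-over gets a new inode and falls out of the list, so a consumer of such a list has to decide how unlisted inodes are treated.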
This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 13:24:14 PDT