Quoting Jesse Pollard <jesse@cats-chateau.net> on Thu, Jul 24 15:23: > > The inode becomes equivalent to the name, but with the added fact that it > is unique. This also allows the user/administrator to rename the file without > having to recompute the hash. I believe that could be a security hole. If my module is protecting /bin/ls and someone deletes it and copies in a Trojaned version (which has a new inode #) then that fact would never be caught. Someone pointed me at the inode_unlink and inode_post_rename hooks that may allow me to work around that problem, but I have not thought about that approach enough to be sure it will work. -- Due to a shortage of devoted followers, the production of great leaders has been discontinued.
This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 13:28:41 PDT