Re: How to get full pathname from an inode?

From: Chris Wright (chrisat_private)
Date: Fri Jul 25 2003 - 11:33:14 PDT


    * Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote:
    > However - if the attacker is able to identify that your system is in use, it's
    > simple enough to launch the binary and exploit the race condition - you are
    > doing a check *at execve() time* - and there's no real guarantee that the 
    > pages you checksummed are *STILL* the pages that actually get executed...
    
    How do you figure this?  One of the first things execve() does (before
    bprm based LSM hooks) is deny_write_access().  This means writers and
    exec'ers are mutually exclusive.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


