Quoting Valdis.Kletnieksat_private <Valdis.Kletnieksat_private> on Fri, Jul 25 15:33:

> Does deny_write_access do checks for the block numbers of writes to /dev/hda7
> or wherever your /usr/local happens to live?
>
> Does deny_write_access have the desired effect if somebody finds a way to scribble
> on /dev/mem or /dev/swap?
>
> Remember - I don't necessarily need to open /bin/login for writing in order to modify
> a page that /bin/login ends up executing as code.....

Can you elaborate on this? Except for direct writing to memory or swap, how else can a page be modified after reading it off disk but before executing it?

I was assuming that the kernel is in the path of every write operation that happens (barring direct to memory/swap listed above). If the write operations can be detected then I can implement a caching scheme that does not recheck files that have not been modified.

I was also assuming that if you are paranoid enough to worry about direct memory modification then you will also run something like SELinux. Stacking these two modules would give stronger assurances about what the machine is actually doing.

No system is foolproof, but upping the bar is always a good thing.

--
The future arrives before we expect it, but is seldom what we expect.
This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 12:46:43 PDT