Re: How to get full pathname from an inode?

From: Chris Wright (chrisat_private)
Date: Fri Jul 25 2003 - 12:57:11 PDT

    * Valdis.Kletnieksat_private (Valdis.Kletnieksat_private) wrote:
    > Lots of .so's. Those pages get protected *when*?
    
    Yes, sorry, I was only speaking of the actual binary.
    
    > Does deny_write_access do checks for the block numbers of writes to /dev/hda7
    > or wherever your /usr/local happens to live?
    
    No, this is a simple ETXTBSY on the inode (for normal open), and for
    inode backed mappings with VM_DENYWRITE flags in the vma (e.g. open_exec()).
    
    > Does deny_write_access have the desired effect if somebody finds a way to scribble
    > on /dev/mem or /dev/swap?
    
    /dev/mem, certainly not.  Only saving grace there is that a /dev/mem
    capable writer completely owns the machine (i.e. CAP_SYS_RAWIO means
    you can dynamically patch the kernel itself), so let's hope it's well
    protected ;-)   /dev/swap is not an issue for text, as under pressure
    it will be dropped back to its backing store, not written to swap.
    
    > Remember - I don't necessarily need to open /bin/login for writing in order to modify
    > a page that /bin/login ends up executing as code.....
    
    These are all good points, I was too narrowly focused on normal file
    open(2)/write(2)/execve(2) activity.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
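
Added example (not part of the original message, and not kernel or LSM project code): a small C probe for the two cases discussed above, write access to the running binary's inode versus write access to a file that is only mapped from user space, as a loader does with a .so. The function names and the scratch file under /tmp are assumptions made for the illustration; the probe requests write access but never writes.

```c
/* Added illustration: function names and the scratch path are made up here. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Request write access without writing anything; return 0 or errno. */
static int probe_write_open(const char *path)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Map a scratch file from user space, drop the descriptor, then ask for
 * write access while the mapping is live. mmap(2) documents MAP_DENYWRITE
 * as ignored, so no deny-write is taken. Returns 0/errno, -1 on setup error. */
static int probe_mapped_file(void)
{
    char path[] = "/tmp/denywrite-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int r = -1;
    void *p = MAP_FAILED;
    if (ftruncate(fd, 4096) == 0)
        p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (p != MAP_FAILED) {
        r = probe_write_open(path);          /* mapping still in place */
        munmap(p, 4096);
    }
    unlink(path);
    return r;
}

int main(void)
{
    int exe = probe_write_open("/proc/self/exe");   /* the running binary */
    int lib = probe_mapped_file();
    printf("running binary: %s\n", exe ? strerror(exe) : "write open allowed");
    printf("mapped file:    %s\n", lib > 0 ? strerror(lib) : lib ? "setup failed" : "write open allowed");
    return 0;
}
```

On a typical Linux system the first probe reports ETXTBSY ("Text file busy"), while the second is allowed, which is the gap the .so question points at.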
    