* frm alan@lxorguk.ukuu.org.uk "08/04/01 09:24:11 +0000" | sed '1,$s/^/* /'
*
*> System calls are overridden by pointing sys_call_table[system call] to a
*> replacement function which saves off the data for auditing purposes,
*> then calls the original system call.
*
* Ugly but that bit probably ties in with all the other folks trying to put
* together a unified security hook set for 2.5

Simply wrapping the system calls isn't going to get a CAPP (or C2)
compliant audit implementation. It also isn't how the "unified security
hooks" (aka LSM, Linux Security Modules) are working.

SGI is working towards a CAPP compliant audit implementation under the LSM
framework, I'd suggest that you head over to http://lsm.immunix.org/ for
more details on LSM.

richard.
-----------------------------------------------------------------------
Richard Offer Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________
This archive was generated by hypermail 2b29 : Tue Aug 07 2001 - 21:00:41 EST