Re: [PATCH] New sys_chmod() hook for the LSM framework

From: Lorenzo Hernández García-Hierro
Date: Wed Feb 09 2005 - 09:12:25 EST

Next message: Stefan Knoblich: "[PATCH] 2.6 - alpha: add missing dma_mapping_error"
Previous message: Thomas Gleixner: "Re: Preempt Real-time for ARM"
In reply to: Chris Wright: "Re: [PATCH] New sys_chmod() hook for the LSM framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

El mar, 08-02-2005 a las 16:15 -0800, Chris Wright escribió:
> * Lorenzo Hernández García-Hierro (lorenzo@xxxxxxx) wrote:
> > As commented yesterday, I was going to release a few more hooks for some
> > *critical* syscalls, this one adds a hook to sys_chmod(), and makes us
> > able to apply checks and logics before releasing the operation to
> > sys_chmod().
>
> This is exactly the kind of hook we've tried to avoid. This is really
> asking for permission to alter inode attribute data. This type of
> hook is incomplete because there are other ways to alter this data,
> and this access is already controlled by the inode_setattr hook (as
> Tony mentioned). So this is a no go.

Right, the patch is no longer available as notify_change grabs the
inode_setattr hook returned data.

Did you checked the other one on sys_chroot()? (I've updated it a day or
so ago).

Cheers, thanks for commenting on it.
--
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmadadigitalmente

Next message: Stefan Knoblich: "[PATCH] 2.6 - alpha: add missing dma_mapping_error"
Previous message: Thomas Gleixner: "Re: Preempt Real-time for ARM"
In reply to: Chris Wright: "Re: [PATCH] New sys_chmod() hook for the LSM framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]