| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200711171423.GGC65617.HLJQtFSFOVOMFO@I-love.SAKURA.ne.jp> Date: Sat, 17 Nov 2007 14:23:56 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: trond.myklebust@....uio.no Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [TOMOYO #5 02/18] Add wrapper functions for VFShelperfunctions. Hello. Trond Myklebust wrote: > I'm confused. How do you tell the difference between a 'userland' > request and a 'kernel' request, and why is the latter safe from a > security perspective? For example, if userland process wants to create a directory, it will call mkdir(2). In the kernel, mkdir(2) is mapped to sys_mkdir(), sys_mkdir() calls sys_mkdirat(), sys_mkdirat() calls vfs_mkdir(). Therefore, there is a chance to tell whether vfs_mkdir() is triggered by userland process's request. Some kernel code *might* call sys_mkdir() too. But at least I think I can hook all requests triggered by userland process's request because routes to call vfs_mkdir() from userland is not infinite. We are regarding the kernel code as trusted. For example, no security checks for code that are called by only kernel. http://www.mail-archive.com/linux-security-module@vger.kernel.org/msg01830.html Regards. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists