Message-ID: <alpine.LRH.2.00.0908051159100.29562@tundra.namei.org>
Date: Wed, 5 Aug 2009 12:02:39 +1000 (EST)
From: James Morris <jmorris@...ei.org>
To: Justin Banks <justinb@...bone.com>
cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Eric Paris <eparis@...hat.com>
Subject: Re: security module question

On Tue, 4 Aug 2009, Justin Banks wrote:

> Hello - I'm trying to implement a security module that will allow or
> disallow writes on files by byte ranges. Is there a way to use
> inode_permission() to do this, or is there an alternative route I should
> take? It doesn't look like inode_permission() will give me the data I
> need (offset + length of write).

This doesn't seem to fit with the LSM model, where access is mediated at
object-level granularity. i.e. can user A read file B?

> Also, is there a security module that will examine data being written
> for certain patterns or content?

The fanotify / TALPA file access scanning work being done by Eric Paris
might be more appropriate.

See http://lwn.net/Articles/339399/

> Please CC: me on responses. I used to be subscribed, but the traffic was
> just too much.

You probably want the LSM mailing list (cc'd).

--
James Morris
<jmorris@...ei.org>