Chris Wright wrote:
* Linda A. Walsh ([email protected]) wrote:
"The *current* accepted way to get pathnames going into system
calls is
to put a trap in the syscall vector processing code to be indirectly
called through the ptrace call with every system call as audit
currently does..."?
Or is that not correct either?
No it's not. See getname(9).
I'm familiar with the getname call, it's probably the case that
audit calls getname to do the actual copy from user->kernel space, I
haven't checked. But I can't find the manpage you are referring to.
I may be suffering from impaired "colloquialisms" in my writing, but
I was referring to the process of collecting pathnames for use in
a security policy (ex. audit, systrace or AppArmor) for the
kernel calls that take one or more pathnames being done via code
inserted into the system call code that is called with each system
call.
Whatever policy (audit, AppArmor, etc) is in place is then called
on every syscall and each policy then decides what actual
system calls it is interested in and then does call specific
argument processing to make a record of or enforce policy.
The argument processing would likely involve getname() to retrieve
the path from user space.
Is there something specific on the getname manpage you are
referring to or are we talking about the same thing?
Thanks for the clarification...:-)
Linda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]