Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore

On Thu, 2006-04-20 at 22:10 -0700, Linda Walsh wrote:
> Chris Wright wrote:
> > * Linda A. Walsh ([email protected]) wrote:  
> >>    "The *current* accepted way to get pathnames going into system calls is
> >> to put a trap in the syscall vector processing code to be indirectly
> >> called through the ptrace call with every system call as audit
> >> currently does..."?
> >>
> >>    Or is that not correct either? 
> > No it's not.  See getname(9).
> 
>    I'm familiar with the getname call, it's probably the case that
> audit calls getname to do the actual copy from user->kernel space, I
> haven't checked.  But I can't find the manpage you are referring to.

You CANNOT copy twice. If you copy twice you might as well not audit,
since userspace can just change it in between. What audit does is use the
original ONE copy that the normal syscall does.
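
The point made in the reply above, as an added example that is not part of the original message or of any kernel code: a deterministic user-space model of an audit hook that copies the pathname a second time versus one that reuses the single copy. All names here (`copy_in`, `userspace_rewrites`, the `/tmp/path-*` strings) are constructed for illustration, and the racing thread is modelled as a plain function call placed between the copies.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_DEMO 64

/* Constructed stand-in for a user-space path buffer that a second thread
 * sharing the address space can rewrite at any moment. */
static char user_buf[NAME_MAX_DEMO];

/* Stand-in for the user->kernel copy that getname performs (assumption:
 * modelled as a bounded string copy; no real kernel API is used here). */
static void copy_in(char *kbuf, const char *ubuf) {
    snprintf(kbuf, NAME_MAX_DEMO, "%s", ubuf);
}

/* Models the other thread changing the buffer after it has been read once. */
static void userspace_rewrites(void) {
    snprintf(user_buf, sizeof user_buf, "%s", "/tmp/path-b");
}

/* Flawed: the audit hook makes its own copy, then the syscall copies again.
 * Returns 1 if the audited name equals the name acted on, else 0. */
int double_copy_consistent(char *audited, char *used) {
    snprintf(user_buf, sizeof user_buf, "%s", "/tmp/path-a");
    copy_in(audited, user_buf);   /* copy 1: what the audit record says */
    userspace_rewrites();         /* window between the two copies */
    copy_in(used, user_buf);      /* copy 2: what the syscall acts on */
    return strcmp(audited, used) == 0;
}

/* Sound: one copy; audit records from the kernel buffer the syscall uses. */
int single_copy_consistent(char *audited, char *used) {
    snprintf(user_buf, sizeof user_buf, "%s", "/tmp/path-a");
    copy_in(used, user_buf);      /* the ONE copy */
    userspace_rewrites();         /* later changes cannot reach kernel memory */
    snprintf(audited, NAME_MAX_DEMO, "%s", used);
    return strcmp(audited, used) == 0;
}

int main(void) {
    char a[NAME_MAX_DEMO], u[NAME_MAX_DEMO];
    printf("double copy consistent: %d\n", double_copy_consistent(a, u));
    printf("  audited=%s used=%s\n", a, u);
    printf("single copy consistent: %d\n", single_copy_consistent(a, u));
    printf("  audited=%s used=%s\n", a, u);
    return 0;
}
```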

