[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#4) auditfs



* Klaus Weidner (klaus atsec com) wrote:
> On Tue, Feb 22, 2005 at 01:58:42PM -0600, Timothy R. Chavez wrote:
> > And admitedly,  I am also being a little redundant in that
> > the original code can already provide us with the read() and write()
> > exit code and the file/directory being read from/written to.  However,
> > if we want to specifically monitor activity in the filesystem
> > surrounding watched objects, then wouldn't these hooks in read(),
> > write(), etc be vital?  Klaus?  How else will we know if a read() or
> > write() trully succeeded or failed on a watched filesystem object?
> 
> read() and write() aren't considered security relevant operations since
> they don't do any permission checks. From the CC point of view the
> interesting call is open(), and if that's properly handled it's enough.

Does this potentially change with LSPP?  Since LSM (SELinux as an
example) does actually check read/write?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]