[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Decoding arguments passed to system calls



On Tuesday 03 July 2007 10:38:05 am Stephen Smalley wrote:
> One caveat though - auditing of write() won't catch all possible ways of
> modifying the file data, e.g. one could mmap() the file with MAP_SHARED
> and then write to the memory, followed by msync or munmap.

Agreed. And another gotcha is programs that could pass a descriptor across 
af_unix sockets where it is then mmap'ed. There is also sendfile which could 
send the file away to be viewed by other people and there is splice() & 
tee(2). Don't forget the *at() syscalls, too. IOW, I think the problem is 
trickier than it might initially appear.

Based on your requirements, you might want to consider putting in place some 
SE Linux policy to control the different ways that a file can be accessed to 
keep apps honest. Then you don't need to worry about all the sneak paths that 
could subvert the audit system.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]