Re: [RFC][PATCH 11/11] security: AppArmor - Exportnamespace semaphore

[Arjan van de Ven]

On Thu, 2006-04-20 at 22:10 -0700, Linda Walsh wrote:
> Chris Wright wrote:
> > * Linda A. Walsh (law@xxxxxxxxx) wrote:  
> >>    "The *current* accepted way to get pathnames going into system 
> >> calls is
> >> to put a trap in the syscall vector processing code to be indirectly
> >> called through the ptrace call with every system call as audit 
> >> currently does..."?
> >>
> >>    Or is that not correct either? 
> > No it's not.  See getname(9).
> 
>    I'm familiar with the getname call, it's probably the case that
> audit calls getname to do the actual copy from user->kernel space, I
> haven't checked.  But I can't find the manpage you are referring to.

you CANNOT copy twice. If you copy twice you might as well not audit
since userspace can just change it inbetween. what audit does is use the
original ONE copy that the normal syscall does .


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/