Fwd: Fwd: Getting path in inode_permission
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Feb 10 17:59:22 EST 2015
On Wed, 11 Feb 2015 03:42:50 +0530, noyb noybee said:
> Apologies for the late reply.
>
> > Plus the whole passphrase thing is probably equally easy to defeat. (Hint -
> > how does the passphrase get passed to the kernel in the first place?)
>
> I am planning to create a new system call for that and I am not sure
> how that would be insecure. Please correct me if I am wrong.
You missed the point. How does the process *securely* get the passphrase
that will be passed into the syscall? (Hint - a keystroke logger is only
the *start* of your problems. Think about why the kernel module signing
code uses public-key crypto instead of symmetric private keys...)
> What you're saying is definitely simpler than my approach but it
> probably violates some POSIX standards(including chdir in chroot)
> which I don't want to. Also, I aim for my tool to be just a simple
> addendum to the traditional system call rather than adding a
> completely new call to handle the entire process.
The problem with "simple addendum" is that it's *really* hard to get it right.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20150210/74e85841/attachment.bin
More information about the Kernelnewbies
mailing list