[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-security-module
Subject: Re: RFC: sys_execve security kernel mod
From: Chris Wright <chris () wirex ! com>
Date: 2002-06-21 22:41:29
[Download RAW message or body]
* J. Paul Reed (preed@sigkill.com) wrote:
> On Fri, 21 Jun 2002, Chris Wright wrote:
>
> > ctime can be modified from userspace. the same touch(1) attack using
> > sys_utime(2) will update both mtime and ctime.
>
> Yeah, but as I remember it, ctime logs inode changes... so they can change
> the ctime from userspace with touch all the want, but the kernel will
> always update the ctime to the current (inode change) time when the
> operation is complete.
Yes. I was thinking of the DoS potential when ctimes don't match, but
the md5sum hasn't really changed. Sorry for the confusion.
cheers,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-module@wirex.com
http://mail.wirex.com/mailman/listinfo/linux-security-module
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic