Warning about accessing file

Discuss and suggest new grsecurity features

Warning about accessing file

Postby cmouse » Fri Oct 22, 2004 8:02 am

Would it be possible to move the code that checks for file access so that the 'normal' access is checked first (user,group,world) and after that the ACL check is done. Now I get "bogus" warning from programs trying to access a file that they wouldn't have access anyways due to filesystem restrictions.
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am

Postby spender » Tue Oct 26, 2004 6:53 pm

For which system calls in particular? I doubt I'll be able to do it for most, as the permission checking is done after all dentry/vfsmnt information has been stripped down to struct inode, and I need the dentry/vfsmnt information to do my lookups.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby cmouse » Thu Oct 28, 2004 7:32 am

Sorry, this was a user error. :cry:
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am


Return to grsecurity development