program loading path name

To manage the loading of new programs, AppCL LSM will use the LSM hooks that mediate program loading. The ‘linux_binprm’ structure represents a new program being loaded during an execve.

Initially, the ‘bprm_set_creds’ hook is initialised as shown below. Currently, the path name of the program being loaded (fpath_name) is identified through the ‘linux_binprm’ structure.

[Screenshot: ‘bprm_set_creds’ hook initialisation]

The screenshot below shows the output from the kernel log when running a number of command line programs. The path name for each program is identified and detailed below.

[Screenshot: kernel log output]

Program ‘tail’ : Path ‘/usr/bin/tail’

Program ‘ls’ : Path ‘/bin/ls’

Program ‘cat’ : Path ‘/bin/cat’

The path name of a program on the system can act as a program-specific identifier, allowing AppCL LSM to identify programs and mediate privileges based on it.
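The following added example, which is not code from the AppCL LSM project, shows a ‘bprm_set_creds’ hook body reading the path from ‘linux_binprm’ and using it as a lookup key. It assumes the path is taken from bprm->filename; the policy table, appcl_lookup and the permission bits are hypothetical, and the userspace stand-ins exist only so the same logic can be compiled outside the kernel.

```c
/* Added example, not AppCL LSM source. Kernel branch assumes a 4.x-era tree. */
#ifdef __KERNEL__
#include <linux/binfmts.h>	/* struct linux_binprm */
#include <linux/errno.h>
#include <linux/printk.h>
#include <linux/string.h>
#else	/* userspace stand-ins so the same logic builds and can be tested */
#include <errno.h>
#include <stdio.h>
#include <string.h>
struct linux_binprm { const char *filename; };	/* only the field used here */
#define pr_info(...) printf(__VA_ARGS__)
#endif
#define APPCL_READ  0x1u
#define APPCL_WRITE 0x2u

/* Hypothetical per-program policy keyed by path name (constructed entries). */
struct appcl_entry { const char *path; unsigned int perms; };
static const struct appcl_entry appcl_policy[] = {
	{ "/usr/bin/tail", APPCL_READ },
	{ "/bin/cat",      APPCL_READ },
	{ "/bin/ls",       APPCL_READ },
};

/* 0 and *perms for a known program, -ENOENT if unknown, -EINVAL if the name is
 * not absolute: bprm->filename is the string passed to execve, so "./tail" and
 * "/usr/bin/tail" would otherwise be two different keys for one program. */
static int appcl_lookup(const char *fpath_name, unsigned int *perms)
{
	size_t i;
	if (!fpath_name || fpath_name[0] != '/')
		return -EINVAL;
	for (i = 0; i < sizeof(appcl_policy) / sizeof(appcl_policy[0]); i++) {
		if (strcmp(appcl_policy[i].path, fpath_name) == 0) {
			*perms = appcl_policy[i].perms;
			return 0;
		}
	}
	return -ENOENT;
}

/* In-kernel: LSM_HOOK_INIT(bprm_set_creds, appcl_bprm_set_creds). Logs only. */
static int appcl_bprm_set_creds(struct linux_binprm *bprm)
{
	const char *fpath_name = bprm->filename;
	unsigned int perms = 0;
	int rc = appcl_lookup(fpath_name, &perms);
	pr_info("AppCL: exec path '%s' lookup=%d perms=0x%x\n", fpath_name, rc, perms);
	return 0;	/* 0 lets the exec continue */
}
```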


To view the public git for this project visit:

https://github.com/jamesbjohnson/appcl-lsm-public
