From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jeremy Maitin-Shepard <jbms@cmu.edu>
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
Date: Fri, 25 May 2007 01:17:36 -0400
Message-ID: <87lkfdpjm7.fsf@jbms.ath.cx>
References: <309300.41401.qm@web36615.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain
Cc: Andreas Gruenbacher <agruen@suse.de>,
	James Morris <jmorris@namei.org>
To: Casey Schaufler <casey@schaufler-ca.com>
Return-path: <linux-security-module-owner@vger.kernel.org>
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
In-Reply-To: <309300.41401.qm@web36615.mail.mud.yahoo.com> (Casey Schaufler's
	message of "Thu\, 24 May 2007 11\:58\:41 -0700 \(PDT\)")
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Casey Schaufler <casey@schaufler-ca.com> writes:

> On Fedora zcat, gzip and gunzip are all links to the same file.
> I can imagine (although it is a bit of a stretch) allowing a set
> of users access to gunzip but not gzip (or the other way around).
> There are probably more sophisticated programs that have different
> behavior based on the name they're invoked by that would provide
> a more compelling arguement, assuming of course that you buy into
> the behavior-based-on-name scheme. What I think I'm suggesting is
> that AppArmor might be useful in addressing the fact that a file
> with multiple hard links is necessarily constrained to have the
> same access control on each of those names. That assumes one
> believes that such behavior is flawwed, and I'm not going to try
> to argue that. The question was about an example, and there is one.

This doesn't work.  The behavior depends on argv[0], which is not
necessarily the same as the name of the file.

-- 
Jeremy Maitin-Shepard