topic Re: File system access control in Operating System - HP-UX

File system access control

Evgeniya Smirnova — Thu, 11 Mar 2004 08:40:26 GMT

Is it possible to intercept all file system calls (not from particular process or application)(or at least file access function)with the possibility to analyse the request (user id, requested operation, file pathname) and then reject or pass throw this call? Is there possibility to implement system calls interception or interposition on the virtual file system functions level or low level file systems? Thanks, Evgeniya

Re: File system access control

Sridhar Bhaskarla — Thu, 11 Mar 2004 09:01:35 GMT

Hi,

CA's e-Trust Access control (previously called SeOS) does it in general on all types of system calls. I used it before and I like to use it if the systems have to be robustly secure as it provides an additional layer of security even above "root".

-Sri

Re: File system access control

Evgeniya Smirnova — Thu, 11 Mar 2004 09:26:14 GMT

I'm sorry. I forgot to specify, that I'm interesting in HP-UX.
Thanks,Evgeniya

Re: File system access control

Evgeniya Smirnova — Fri, 12 Mar 2004 07:16:58 GMT

In what way such tools, like CA's e-Trust Access control could be implemented? Is it possible to do without operating system's source codes access?
Thanks, Evgeniya