On Sat, 08 Jul 2017 21:08:40 +0530, Ajinkya Surnis said:

> The purpose of assignment is to check the authenticity of the user
> executing the system call, and prevent certain users from executing, kind
> of like certain security programs (although I don't exactly know how they
> work).

The only hint I'll give you is that way back in April 2005, we added a rather extensive API for exactly this purpose, and that almost every single major distribution uses this API for one of several major packages. Maybe you should find out "exactly how they work" :)

And now the bad news: If you didn't *already* know that, you're almost certainly not qualified to write security code for the Linux environment. (I admit that if I was the interviewer, and the *immediate* answer hadn't been "Why should I intercept syscalls when I could do XYZ?", that would be in my mind an instant "not qualified").

Security coding done correctly is a lot harder than it looks. For example, consider intercepting that open() syscall. What happens if one program opens the file and isn't stopped by your intercept - and it then passes the open file descriptor across an exec() system call to a cooperating malicious process?

The other possibility is that the interviewer didn't know about XYZ either - in which case you *DO NOT* want to work there. Trust me on this. :)
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
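
The descriptor-inheritance case raised in the reply above, as an added example that is not part of the original message: the file is opened once, then a program started with exec() reads it through the inherited descriptor without making any open() call of its own. The helper name `exec_child_can_read`, the temporary file and the use of `/bin/sh` are assumptions of this sketch; the `O_CLOEXEC` run is only a contrast case, since that flag is chosen by the opener and does nothing against an opener that cooperates.

```c
/* Added example: a descriptor opened before exec() stays usable afterwards,
 * so the exec'd program reads the file without ever calling open(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the exec'd program read the file through the inherited fd,
 * 0 if it could not, -1 on setup error. extra_flags: 0 or O_CLOEXEC. */
int exec_child_can_read(int extra_flags)
{
    char path[] = "/tmp/fd_inherit_XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    if (write(tmp, "secret\n", 7) != 7) { close(tmp); unlink(path); return -1; }
    close(tmp);

    /* The only open() of this file: the one place an open() intercept sees it. */
    int fd = open(path, O_RDONLY | extra_flags);
    unlink(path);                 /* the path is gone; only the descriptor remains */
    if (fd < 0) return -1;
    if (fd > 9) { close(fd); return -1; }   /* some shells only accept <&N for N <= 9 */

    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        char script[128];
        /* The shell duplicates the inherited number onto stdin; it opens nothing. */
        snprintf(script, sizeof script,
                 "exec 2>/dev/null; read line <&%d && [ \"$line\" = secret ]", fd);
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("default flags: %d\n", exec_child_can_read(0));
    printf("O_CLOEXEC:     %d\n", exec_child_can_read(O_CLOEXEC));
    return 0;
}
```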