Principles of the Linux Intrusion Detection System (LIDS) (3)
  Add date: 10/27/2008   Publishing date: 10/27/2008

umode_t i_mode;
nlink_t i_nlink;
uid_t i_uid;
......
}  

  Note: a pair of values is used to identify an inode. This means that with this pair you can obtain a unique inode in the system.


In /usr/src/linux/include/linux/dcache.h:
struct dentry {
int d_count;
unsigned int d_flags;
struct inode * d_inode; /* Where the name belongs to - NULL is negative */
struct dentry * d_parent; /* parent directory */
struct dentry * d_mounts; /* mount information */
struct dentry * d_covers;
struct list_head d_hash; /* lookup hash list */
struct list_head d_lru; /* d_count = 0 LRU list */
struct list_head d_child; /* child of parent list */
struct list_head d_subdirs; /* our ... */
......
}  

  A dentry is a directory entry. Through this entry, we can easily move to the parent directory of a file.

  For example, if your file's inode is (struct inode *) file_inode, you can use file_inode->d_entry to obtain its directory entry, and file_inode->d_entry->d_parent to obtain the parent directory's entry.

LIDS protection data structures

  Having analyzed the Linux file system, let us look at how LIDS works with the VFS to protect files and directories.


In /usr/src/linux/fs/lids.c:

struct secure_ino {
unsigned long int ino; /* the inode number */
kdev_t dev; /* the dev number */
int type; /* the file type */
};  

  The structure above stores a protected file or directory node as a pair (ino and dev). "type" marks the protection type of the protected node.

  LIDS has 4 types:

  In /usr/src/linux/include/linux/fs.h:
  #define LIDS_APPEND 1 /* APPEND ONLY FILE */
  #define LIDS_READONLY 2 /* Read Only File */
  #define LIDS_DEVICE 3 /* Protect MBR Writing to device */
  #define LIDS_IGNORE 4 /* Ignore the protection */

  With the secure_ino structure, we can easily initialize the protected files, or do so in the kernel with the following function.


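In /usr/src/linux/fs/lids.c:
int lids_add_inode (unsigned long int inode, kdev_t dev, int type)
{
	/* Table full: the last slot is reserved for the terminating entry. */
	if (last_secure == (LIDS_MAX_INODE-1))
		return 0;

	/* Record the protected node as an (ino, dev) pair plus its type. */
	secure[last_secure].ino = inode;
	secure[last_secure].dev = dev;
	secure[last_secure].type = type;

	/* An entry with ino == 0 marks the end of the list. */
	secure[++last_secure].ino = 0;

#ifdef VFS_SECURITY_DEBUG
	printk ("lids_add_inode: return %d\n", last_secure);
#endif
	return last_secure;
}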

  As you can see in the code above, adding a node to secure_ino is very easy. The protected nodes are initialized at system startup. The initialization routine is init_vfs_security() in /usr/src/linux/fs/lids.c.

  Now let us look at how LIDS checks whether a node is already protected.


In /usr/src/linux/fs/open.c:
int do_truncate (struct dentry *dentry, unsigned long length)
{
struct inode *inode = dentry->d_inode;

 