"Donaldson, Matthew" wrote:

> I disagree. You might not like the design behind it, but that does not mean
> there isn't any. Just because it is not in a kernel module doesn't mean it
> is inherently un-designed and bad. In fact, a lot of thought has gone into
> its design.

Perhaps instead of battling to get the kernel maintainers to accept this patch, you'd consider actually making it a module.

We're working on a Linux Security Module (LSM) extension to the existing module interface, precisely so that the kernel maintainers don't have to wrangle with whether or not to accept a given security patch.

If you're interested in modularizing your work, then we need your input on what hooks the LSM should provide to modules. E.g. some discussion today came up about whether we have sufficient hooks in place to support Solar Designer's "don't let suid programs follow symlinks in stickbit dirs" patch. We need your input on the LSM interface if it is to support your enhancement.

Subscribe here http://mail.wirex.com/mailman/listinfo/linux-security-module

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 22:43:56 PDT