Greg KH wrote:

> On Sat, Apr 14, 2001 at 03:57:15PM -0700, Crispin Cowan wrote:

[something stupid]

> Eeek! No!
> The kernel should _not_ be reading _any_ userspace config files.

Well ok then :-)

> It doesn't solve any "trust" issues of having the kernel read the file vs. a
> userspace program sending the already parsed data to the kernel module through an
> ioctl or filesystem handle.

Is there any additional help we can give modules to load config files? Or is it pretty much all there with ioctls?

> > * Depend on extended attributes:
> Does anyone know of any filesystems that currently support ACLs (besides
> NTFS) that the kernel currently handles in a "different" way?

I'm not sure about "handles in a different way", but a quick search http://www.google.com/search?q=linux+acl produced a lot of diverse hits. There appear to be several different projects out there intent on adding ACLs to Linux, some as much as four years old http://www.uwsg.indiana.edu/hypermail/linux/kernel/9705.0/0035.html

> I don't think we want to mess with filesystem ACLs in this module, let's
> leave the filesystem privileges checks in the individual filesystems
> where it is today.

Exactly: I want to avoid messing with it, but enable LSMs to mess with them. If we can get away with it, just standing aside and letting the LSMs talk directly to the file system would be ideal.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 17:55:48 PDT