On Sat, 14 Apr 2001, Crispin Cowan wrote:

> Greg KH wrote:
>
> > On Sat, Apr 14, 2001 at 03:57:15PM -0700, Crispin Cowan wrote: [something stupid]
> > Eeek! No!
> > The kernel should _not_ be reading _any_ userspace config files.
>
> Well ok then :-)
>

Agree... but the way to load the config file (ACLs) must be authenticated for security reasons.

> > It doesn't solve any "trust" issues of having the kernel read the file vs. a
> > userspace program sending the already parsed data to the kernel module through an
> > ioctl or filesystem handle.
>
> Is there any additional help we can give modules to load config files? Or is it pretty
> much all there with ioctls?
>

I don't know if we can use ioctl or setsockopt etc. to read the rules (ACLs) into the system like ipchains/netfilter do.

>
> Exactly: I want to avoid messing with it, but enable LSMs to mess with them. If we
> can get away with it, just standing aside and letting the LSMs talk directly to the
> file system would be ideal.

-Huagang.

--
LIDS secure linux kernel http://www.lids.org/
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 18:39:35 PDT