On Mon, Apr 16, 2001 at 10:30:44AM -0700, Titus D. Winters wrote: > Be bad: overwrite init_module in sys_call_table. You can write a module > that'll do it. I guess the trick is getting it to run regardless of what > people do to init. > > But seriously, I would agree that a switch to turn off further > insertion of modules would be nice. We have to make sure that our > generalized framework will allow for such. Modules can be very powerful, > both for good and evil. This is all about policy, which this project is not about (it's about letting different people pick which policy they want.) No special hooks are needed to enable this feature if someone wants to implement it (besides the already specified init_module hook that we proposed.) thanks, greg k-h -- greg@(kroah|wirex).com http://immunix.org/~greg _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 10:34:58 PDT