* Flavien Lebarbe (flavienat_private) [010417 21:58]: > The idea of "a NULL pointer in the struct keeps the default -ie no > check- function in place" is reasonable I think (may be a flag > 'default when nothing specified is refuse' could be useful, I > dunno). You are proposing that the default behavior be to fail open. This type of behavior is not normally considered secure. If a new system call is added to the kernel it may provide a way to bypass the policy enforced the security module. It would be considered a more secure behavior to refuse to load the module if there is a mismatch between the kernel version and the versions supported by the security module, or possibly simply disabling the system call. At the very least this behavior (whether the system should fail open or closed) should be determined by the module or user configuration. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 15:06:08 PDT