Amon Ott wrote: > On Don, 19 Apr 2001 buddy wrote: > > Now, the only thing I'm trying to say here, is that nobody seems to care about the > > reason *why* you would want to hook into, say, sys_fork(). There has been no > > discussion about the actual threats and insecurities that we want to cover. > > On GACI list, I already posted the a list of RSBAC hooks with some reasons and > call chains. I attached a slightly reworked version. Great, cheers! Looks very good to me. > After your rant about people just telling what they did: We all made our own > reflections about security impacts of certain functions. This is why the hooks You're right, I just got carried away. ;-) My concern is genuine though. > are there. So what is needed is: > - justification > - discussion > - importance rating, e.g. with levels > - compilation of useful hooks > - decision which ones to take for the final solution > - decision about config switches to select subsets Looks good too. ;-) A discussion of what the hooks could/should look like has already started in other threads but I'd like to explicitly add that to your list. Cheers, Buddy _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 07:58:46 PDT