Flavien Lebarbe wrote:
>The idea of "a NULL pointer in the struct keeps the default -ie no
>check- function in place" is reasonable I think (may be a flag
>'default when nothing specified is refuse' could be useful, I
>dunno).

Well, I'd be grateful if there was a way to specify that the default when nothing is specified is that the request is denied. This is part of the assurance argument for Janus: that anything not explicitly validated by us policy writers is guaranteed to be denied, even if we forgot about the existence of some operation, or even if the kernel is upgraded and a new operation is added.

We're failing safe, i.e., trading away availability for security. Not all policy modules will want to make this trade-off, but it is a policy decision, and so I think it makes sense to leave this up to the policy module, rather than hard-coding it in the kernel.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
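A sketch of the dispatch discussed in this message, added here as an illustration and not code from the LSM patch or from Janus: a NULL hook falls back to a default that the policy module selects itself. The struct, the `deny_unspecified` flag, the operation names and `OP_NEW` (standing in for an operation added by a later kernel) are all hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical operation numbers; OP_NEW models an operation that a
 * kernel upgrade added after the policy module was written. */
enum op { OP_OPEN, OP_EXEC, OP_NEW, OP_COUNT };

typedef int (*hook_fn)(const char *subject);

/* Hypothetical registration record, not the real LSM structure. */
struct policy_module {
    hook_fn hooks[OP_COUNT]; /* NULL: the module said nothing about this op */
    int deny_unspecified;    /* module's own choice for NULL entries */
};

/* Constructed rule: only the subject named "trusted" may open. */
static int open_check(const char *subject)
{
    return strcmp(subject, "trusted") == 0 ? 0 : -EPERM;
}

/* Both modules validate OP_OPEN only; they differ in the default. */
static const struct policy_module fail_safe = {
    .hooks = { [OP_OPEN] = open_check }, .deny_unspecified = 1 };
static const struct policy_module fail_open = {
    .hooks = { [OP_OPEN] = open_check }, .deny_unspecified = 0 };

/* Dispatch: call the hook if present, otherwise apply the module's
 * default rather than a default hard-coded in the dispatcher. */
int check(const struct policy_module *m, enum op op, const char *subject)
{
    if ((unsigned)op >= OP_COUNT)
        return -EINVAL;
    hook_fn fn = m->hooks[op];
    if (fn == NULL)
        return m->deny_unspecified ? -EPERM : 0;
    return fn(subject);
}

int main(void)
{
    /* The operation neither module knew about when it was written. */
    printf("fail_safe OP_NEW: %d\n", check(&fail_safe, OP_NEW, "trusted"));
    printf("fail_open OP_NEW: %d\n", check(&fail_open, OP_NEW, "trusted"));
    return 0;
}
```
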
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 18:45:08 PDT