Crispin Cowan wrote:
>
> jmjonesat_private wrote:
>
> > Who's working on the Code to English (documentation) translation here?
> > I think (conceit), I could perhaps volunteer to help.
>
> Thanks! That's certainly something that will need doing. At the moment,
> the code base is rather fluid, so the code is the documentation. When it
> firms up, we'll need a document that explains how to create a security
> module, and documents the API for each of the hooks.

Arguably, we want a reasonably clear spec before people start coding.
This is particularly true for security code, since we want people to
analyse it looking for holes. Ideally, you want to go beyond just a
specification, all the way to a formal model with provable security
properties.

Of course, it's no use specifying something that cannot be coded or
that is going to be hopelessly inefficient. So we are probably looking
at some form of iterative process.

Can we specify what we want to hook to in terms of data structures?
We have structs for a process, file, socket. Is it enough to say
a security module gets to:

  - add fields to those structs,
  - add things to the i-node to initialise file structs
  - intercept a list of procedure calls, some of whose args are
    pointers to those structs

Or are there other structures (RPC?, shared memory?, IPSEC tunnels?, ...)
that they should be able to manipulate?
This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 13:38:28 PDT