richard offer wrote: >If that's what you want, do it, but ~20% of the programs I have data on use >access() broken or not. I don't mean to be rude, but: So what? The above fact doesn't seem to harm the usability of Janus, in my experience. If other policy modules want to make their extended security policy visible through access(), fine, but I have yet to hear a compelling argument why all module-writers should be required to do so whether they want to or not. This is a policy matter; leave it up to the policy modules to decide what policy is best. >"some applications (sendmail,id) because of their very nature, will need to >make policy decisions or display policy specific information. We should bear >this in mind when designing the LSM so that we do not stop this happening (we >don't need to do it in this project, we just need to make sure we don't stop >someone else from doing it). Give me an example of an important, security-critical app that makes security decisions based on the result of access(). I bet just about every app that uses access() in this way is already broken, and I've already explained why several times (TOCTOU holes,...). access() is a fundamentally insecure interface, and if you're relying on it for security, you probably have a security hole. Whether I want to support apps with a security hole or not is a policy decision, and I want policy module writers to be free to choose which policy they prefer. If you believe it is important to make these policies visible to apps, you may well be right, but (1) I'd argue that access() is probably not the right interface for doing so; and (2) this is a matter of policy. There's nothing preventing you from experimenting with ways of making policies visible to apps in your module. If you want to, feel free. All I ask is that you not impose requirements on module-writers who have a different policy in mind than yours. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 17:04:06 PDT