On 2001-04-24 00:27:58 +0000, Crispin Cowan wrote: > Valdis.Kletnieksat_private wrote: > > > BUT WHAT IF IT ACTUALLY WORKED? > > > > How many security-critical apps would use it instead of jumping > > through the current contortions they go through to check? > > I submit that the number is "very nearly zero." At the moment, > anyway, I'm more convinced by the arguments that a well-constructed > app. just does what it is supposed to do, and doesn't try to probe to > see what is permitted. I (mostly) agree with this. One thing that does make me wonder if there should be a standard (or even recommendation) for allowing administrators to examine permissions. I don't necessarily suggest that this be in the kernel itself, but some standard API (think PAM) or layout (if done in /proc) could be incredibly useful. Visions of admin interfaces that work for multiple LSM dance in my head... Shane _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 08:29:49 PDT