* David Wagner (dawat_private) wrote: > Chris Wright wrote: > >* Tim Hollebeek (thollebeekat_private) wrote: > >> With the three-function interface, it is much simpler to guarantee the > >> invariant that before_foo() runs iff check_foo() is true. > > > >i'm sorry, i don't understand this argument. > > > >static int do_check_foo(args); > >static void do_before_foo(args); > >int module_check_foo(args) > >{ > > int ret = do_check_foo(args); > > if (!ret) > > do_before_foo(args); > > return ret; > >} > > A few potential drawbacks: > * You have to know what method the caller of module_check_foo() uses > to determine whether the call will be allowed. If it's always > "if (!ret)", then you're ok, but if it is even more complex than > that (e.g., MAC override; or if a call can be denied by Unix file > permissions even though the module said it was ok to allow it), > then the above fails. Thanks for the explanation. I have been complaining about this very issue while working on the capabilities port and didn't see the correlation. thanks, -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 17:05:51 PDT