> > With the three-function interface, it is much simpler to guarantee the
> > invariant that before_foo() runs iff check_foo() is true.
>
> i'm sorry, i don't understand this argument.
>
> static int do_check_foo(args);
> static void do_before_foo(args);
> int module_check_foo(args)
> {
>         int ret = do_check_foo(args);
>         if (!ret)
>                 do_before_foo(args);
>         return ret;
> }
>
> this does not seem too complex and required only check_foo support in the
> interface, not penalizing those that have no need for before_foo.

Well, you've just moved the relevant code into every module, duplicating
the same idiom all over the place instead of having it in just one spot.
So, yes, that's equivalent.

However, especially when dealing with security critical code, I prefer to
operate under the assumption that given an opportunity to make a mistake,
sooner or later someone will make it. Which is why I would prefer simple,
clean logic in one place instead of shifting the burden to every module
just to save one function call; YMMV.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
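The "one spot" arrangement argued for in the reply, as an added example that is not part of the original message or of the LSM code: a single dispatcher enforces that before_foo() runs only when check_foo() permits, and a module that has no need for before_foo leaves the pointer NULL. The names sec_ops, sec_foo, foo_args and the two sample modules are hypothetical; only check_foo and before_foo come from the thread, and 0 means "permit" as in the quoted snippet.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct foo_args { int uid; };            /* constructed sample argument */

/* Hypothetical per-module hook table; before_foo is optional. */
struct sec_ops {
    int  (*check_foo)(const struct foo_args *a);   /* 0 = permit */
    void (*before_foo)(const struct foo_args *a);  /* may be NULL */
};

/* The only place the invariant is written down:
 * before_foo() runs if and only if check_foo() returned 0.
 * A table without a check hook fails closed. */
int sec_foo(const struct sec_ops *ops, const struct foo_args *a)
{
    int ret;

    if (!ops || !ops->check_foo)
        return -EPERM;
    ret = ops->check_foo(a);
    if (ret == 0 && ops->before_foo)
        ops->before_foo(a);
    return ret;
}

/* Module A supplies both hooks and counts before_foo() calls. */
static int a_before_calls;
static int a_check(const struct foo_args *a) { return a->uid == 0 ? 0 : -EPERM; }
static void a_before(const struct foo_args *a) { (void)a; a_before_calls++; }
const struct sec_ops module_a = { a_check, a_before };

/* Module B only needs the check; it carries no dispatch logic at all. */
static int b_check(const struct foo_args *a) { return a->uid < 1000 ? 0 : -EPERM; }
const struct sec_ops module_b = { b_check, NULL };

int a_before_count(void) { return a_before_calls; }

int main(void)
{
    struct foo_args root = { 0 }, user = { 1000 };

    printf("A/root=%d ", sec_foo(&module_a, &root));
    printf("A/user=%d ", sec_foo(&module_a, &user));
    printf("B/root=%d ", sec_foo(&module_b, &root));
    printf("before_foo calls=%d\n", a_before_count());
    return 0;
}
```
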
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 07:43:50 PDT