Folks, Normally, the game is played by one security module. It is thinkable, however, that that module MAY wish to allow another module to "hook" into it, thereby extending the security provided by an additional "increment"... either by providing a vector for a previously "NULL" vector, or by chaining to an existing one. Would a struct security_ops * get_security(something); function that somehow allows a "stacked" module to access the global pointer WITH PERMISSION of the installed module be ridiculously unsafe? Or should modules that wish to be "extensible" provide their own interface? Or is the security_ops structure TRULY globally accessable... and if so... isn't that a risk? I think this topic has been visitted before, but are you sure this shouldn't be provided? I ask because my "silly" LSM design could use it to great advantage. Sorry To Ask Possibly-Silly Questions, Building a "play" Module, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun May 20 2001 - 13:31:29 PDT