Extending a Security Module

From: jmjonesat_private
Date: Sun May 20 2001 - 13:30:25 PDT


    Normally, the game is played by one security module.  It is
    thinkable, however, that that module MAY wish to allow another module
    to "hook" into it, thereby extending the security provided
    by an additional "increment"... either by providing a vector
    for a previously "NULL" vector, or by chaining to an existing 
    Would a 
    struct security_ops * get_security(something);
    function that somehow allows a "stacked" module to access
    the global pointer WITH PERMISSION of the installed module
    be ridiculously unsafe?  Or should modules that wish to be 
    "extensible" provide their own interface?
    Or is the security_ops structure TRULY globally accessible...
    and if so... isn't that a risk?
    I think this topic has been visited before, but are you 
    sure this shouldn't be provided?  I ask because my "silly"
    LSM design could use it to great advantage.
    Sorry To Ask Possibly-Silly Questions,
    Building a "play" Module,
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    ||  http://www.jmjones.com/
    linux-security-module mailing list
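
The second option raised in the message above, a module that provides its own extension interface rather than handing out the global pointer, sketched as an added example that is not part of the original post and not LSM code. It is a user-space model; `security_ops_model`, `sec_extend`, `sec_check` and the sample policies are hypothetical names and constructed data.

```c
/* User-space model only: every name here is hypothetical, not the LSM API. */
#include <stddef.h>
#include <stdio.h>

#define NHOOKS 2
enum { HOOK_OPEN, HOOK_WRITE };
typedef int (*hook_fn)(int subject, int object);   /* 0 = allow, <0 = deny */

struct security_ops_model {
    hook_fn primary[NHOOKS];    /* owner's hooks; never exposed for writing */
    hook_fn stacked[NHOOKS];    /* filled only through sec_extend() */
    unsigned extensible;        /* bitmask of hooks the owner agrees to share */
};

/* Owner-provided interface: the stacked module asks, the owner decides. */
int sec_extend(struct security_ops_model *ops, int hook, hook_fn fn)
{
    if (hook < 0 || hook >= NHOOKS || fn == NULL)
        return -1;
    if (!(ops->extensible & (1u << hook)))
        return -1;              /* no permission for this vector */
    if (ops->stacked[hook] != NULL)
        return -1;              /* one increment per vector in this model */
    ops->stacked[hook] = fn;
    return 0;
}

/* Dispatch: a NULL primary falls through to the stacked hook; otherwise the
 * stacked hook is chained after the primary and can only add denials. */
int sec_check(const struct security_ops_model *ops, int hook, int subj, int obj)
{
    int rc = ops->primary[hook] ? ops->primary[hook](subj, obj) : 0;
    if (rc != 0)
        return rc;              /* primary denial is final */
    return ops->stacked[hook] ? ops->stacked[hook](subj, obj) : 0;
}

/* Constructed sample policies for the demonstration. */
static int primary_open(int subj, int obj) { (void)obj; return subj == 0 ? 0 : -13; }
static int extra_open(int subj, int obj)   { (void)subj; return obj == 7 ? -13 : 0; }
static int extra_write(int subj, int obj)  { (void)obj; return subj == 0 ? 0 : -1; }

int main(void)
{
    struct security_ops_model ops = { { primary_open, NULL }, { NULL, NULL }, 1u << HOOK_OPEN };
    printf("extend open:  %d\n", sec_extend(&ops, HOOK_OPEN, extra_open));
    printf("extend write: %d\n", sec_extend(&ops, HOOK_WRITE, extra_write));
    printf("open obj 7:   %d\n", sec_check(&ops, HOOK_OPEN, 0, 7));
    return 0;
}
```

Because the stacked module never receives a writable pointer to the table, it cannot replace or remove the owner's hooks; it can only narrow what the owner already allows.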

    This archive was generated by hypermail 2b30 : Sun May 20 2001 - 13:31:29 PDT