Re: Extending a Security Module

From: Greg KH (gregat_private)
Date: Tue May 22 2001 - 11:59:02 PDT

  • Next message: jmjonesat_private: "Re: Extending a Security Module"

    On Tue, May 22, 2001 at 03:18:58PM -0400, jmjonesat_private wrote:
    > Another evil thought...
    > What's to keep me from just building a module that 
    > unregisters addresses sequentially until i hit a match 
    > for unregister_security() other than some pretty log 
    > messages.  If it passes down the chain, the module knows
    > when it's tried.
    Nothing is stopping this.  You are operating in kernel space at that
    moment, you can do whatever you want.  The linux-security-module
    framework does not add security within the kernel itself from itself,
    only allows you to change the default (capabilities) security model.
    So sure, write a fun kernel module that strips all security from the
    kernel.  Nothing is stopping this :)
    greg k-h
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 13:00:25 PDT