Titus D. Winters wrote:
>How about this:
>
>no_nice = security_ops->task_ops->setnice(p, niceval);
>if (p->uid != current->euid &&
>    p->uid != current->uid && no_nice) {
>
>can become
>
>no_nice = security_ops->task_ops->setnice(p, niceval);
>if (no_nice) {

One disadvantage is that then each module writer has to cut-and-paste the old code into his module if he wants to stick with the base logic (and we can expect this to be common). Moreover, if for any reason the Linux kernel developers ever need to change the base logic (e.g., someone found a bug), they'd then need to change the code in every LSM, which is probably impossible in practice.

I'm not suggesting we abandon this proposal from consideration, but we should be aware of the significant costs of this approach.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
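Added example, not part of the original message and not kernel or LSM code: a user-space C model of the two forms of the check quoted above, showing what a module must carry once the uid test moves out of the caller. The `struct task` stand-in, the `mod_*` modules, the `niceval < -10` rule and the sample uids are all hypothetical.

```c
#include <stdio.h>

/* Simplified user-space stand-ins for kernel types (assumed, not kernel code). */
struct task { int uid, euid; };
typedef int (*setnice_hook)(const struct task *cur, const struct task *p, int niceval);

/* Form 1: the uid test stays in the caller; the hook only supplies no_nice. */
static int denied_form1(setnice_hook hook, const struct task *cur,
                        const struct task *p, int niceval)
{
    int no_nice = hook(cur, p, niceval);
    return p->uid != cur->euid && p->uid != cur->uid && no_nice;
}

/* Form 2: the hook result is the whole decision. */
static int denied_form2(setnice_hook hook, const struct task *cur,
                        const struct task *p, int niceval)
{
    return hook(cur, p, niceval) != 0;
}

/* Hypothetical module for form 1: nobody may override the uid test. */
static int mod_form1(const struct task *cur, const struct task *p, int niceval)
{ (void)cur; (void)p; (void)niceval; return 1; }

/* Hypothetical module for form 2: base uid test pasted in, plus its own rule. */
static int mod_form2_full(const struct task *cur, const struct task *p, int niceval)
{
    if (p->uid != cur->euid && p->uid != cur->uid)
        return 1;                 /* copied base logic */
    return niceval < -10;         /* module's own (constructed) rule */
}

/* The same module written without the pasted check. */
static int mod_form2_bare(const struct task *cur, const struct task *p, int niceval)
{ (void)cur; (void)p; return niceval < -10; }

/* Constructed sample tasks: two unrelated users. */
static const struct task owner = { 1000, 1000 }, other = { 2000, 2000 };

int main(void)
{
    printf("form1, other user:      denied=%d\n", denied_form1(mod_form1, &other, &owner, 5));
    printf("form2 full, other user: denied=%d\n", denied_form2(mod_form2_full, &other, &owner, 5));
    printf("form2 bare, other user: denied=%d\n", denied_form2(mod_form2_bare, &other, &owner, 5));
    return 0;
}
```

Under form 2 the module that omits the pasted check no longer refuses a request from an unrelated uid, and a later fix to the base test would have to be repeated in every module that carries a copy.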
This archive was generated by hypermail 2b30 : Thu May 31 2001 - 10:43:29 PDT