[oops, lost in mail queue, resending -chris]

* David Wagner (dawat_private) wrote:
> Chris Wright wrote:
> >2. Maintain current set of hooks and push logic out of the kernel and into
> >the module to avoid placing hooks in compound conditionals.
>
> Now I know that this assurance argument is going to inevitably become
> harder to verify with an LSM, but if we follow option #2, things really
> get nasty. To verify the assurance claim, one must examine all code
> *and verify that it includes a proper cut-and-pasted version of the base
> kernel logic*. Such verification is non-trivial, and my motto is that
> if it is non-trivial, it is probably wrong.

I agree, if you catch yourself cutting and pasting, something is wrong.
But I'm not convinced this method requires cutting and pasting. I think
it becomes an argument in favor of module composition.

> That's why I'm not so fond of #2. Quite possibly #2 is the best among
> several bad choices, and if so, so be it. Nonetheless, I wanted to list
> these issues in advance so that nothing is overlooked.

Similarly to cutting and pasting, if we are deciding between several bad
choices, I think something is wrong ;-/

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 18:51:23 PDT