Dr. Cowan, Thank you very much for the reference. I stand corrected. Drop #5 from my worries (or actually, eliminate exporting security_ops from my list of current concerns.) I agree that, if they're going to crack it, they're going to crack it no matter how difficult finding security_ops may be. Actually, even without exporting the symbol, it's not that hard to find if one is "motivated". The small advantage of enforcing a common access point for manipulating it does not outweigh the potential value of providing alternate means. Some code (modules), must be trusted... if it can get into the system in the first place. Having a kernel's left hand distrusting its right hand simply causes too many problems. I apologize for my concern. Sincerely, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Jun 09 2001 - 13:17:28 PDT