Chris Wright wrote: > The only thing I'm skeptical of is the need for authoritative hooks. > The checks are after capable() which provides coarse grained permissive > hooks since capable calls in to the module. If you pass the capable > test, then you have already overriden the DAC logic. Why do you need to > give another permissive test? If you're writing a module which does audit (we'll have hook proposals by the end of the month, probably sooner) you need to do the capability (or Superuser) check after the DAC check so that you can record the decision properly. You don't want to say that someone got access because they had privilege when the file is mode 777. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 888.220.0607 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 10:29:32 PDT