On Wed, 27 Jun 2001, Stephen Smalley wrote:

> Your patch introduces a lot of hooks for capturing final return
> statuses. Why can't this be provided by a module simply by
> interposing on the system calls like any existing LKM and capturing
> the final result in that manner? Why must we add explicit hooks into
> the base kernel for this purpose?

One final observation on this same theme: it seems like we need to distinguish between hooks that are truly needed in order to effectively support some security functionality vs. hooks that can just as easily be implemented via system call interposition. It seems as if certain aspects of your patch (capturing return statuses, recording the system call parameters like the fd or pathname) can be done quite well with a LKM using the existing Linux kernel, without needing hooks at all.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module