On Tue, Jul 03, 2001 at 04:41:22PM -0400, jmjonesat_private wrote: > > The basic idea was to provide a module and utility that could be used > > to verify that for each system operation, the right set of hooks was > > called and the kernel responded properly when those hooks returned > > errors. Otherwise, it would be very easy for a hook call to become > > "lost" or bypassed when a set of updates were made to the kernel. > > I think the idea was proposed by Steve Kramer of HP. > > Ouch! Big Job. Mighty hard diggin'! > > The idea of "responded properly", it seems to me, would be module > specific... appropriate responses would depend on the policy in > force. Nope. :) The idea is, if I understand correctly, is that a module should be written, along with some userspace program, that will exercise every hook in the kernel. You know, some way to ensure that the hooks we insert (and depend upon in our modules) *stay there* and don't get dropped at the whim of some developer or forgetfulness. Or worse, change their 'meaning'. Think of it as a regression test, but just to make sure the whole blasted contraption works. It may be able to test for bugs too, when the project gets old enough to have bugs. :) Think of something like a POSIX test suite, or Java test suite. Yeah, it probably isn't going to be as much fun as writing the modules that we all want to write, but .. hopefully such a tool would make debugging things easier for everyone. I *did* get it correct, right? _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 13:55:25 PDT