On Fri, Jul 20, 2001 at 04:09:31PM -0400, Chris Vance wrote: > > Something escaped my first pass. Note that two of these hooks have > parameters that are user-space variables - accept and setsockopt. In the > first case, accept, they should be removed. In the second case, > setsockopt, it's not clear whether an LSM module would care precisely what > value is being set. It would need to be copied into kernel memory and the > possibly of a race condition exists. > > Perhaps removing these paramters would be the safest thing to do. I agree. Keeping lsm modules from having to handle userspace variables is a good thing. Where ever possible I think we should try to avoid it. Other than that, the patch looks nice. However I don't profess to know anything about the network stack code :) Anyone else want to comment if these hooks will work out for their projects? thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 13:23:26 PDT