David Wheeler wrote: >If solutions are equal & one would >be better for covert channels (if that were to be supported later), >by all means choose the more flexible >approach. I do _NOT_ think inhibiting covert channels is >anywhere near as important as flexible access rights & auditing. Right. Thanks. That's a much better formulation of the point I was trying to get across: I'm not convinced that covert channels should not be the deciding factor in choosing the order of in-kernel and hook-based checks, if there are other factors as well, because I'm not convinced that the payoff is large enough. Other than that, I'm pretty agnostic about the order of the checks, and about whether someone else wants to write modules that inhibit covert channels. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 12:46:28 PDT