Re: MAC before DAC vs DAC before MAC

From: David Wagner (dawat_private)
Date: Wed Jul 25 2001 - 19:39:37 PDT

  • Next message: Greg KH: "Re: Patch Acceptance Procedure"

    Crispin Cowan  wrote:
    >That looks like an authoritative hook to me.  Bad logic in the module could
    >result in an override of kernel DAC logic.
    >
    >I've argued long & hard against permissive and authoritative hooks.  I'll
    >have to think about which one I want more: the simple assurance property, or
    >DAC/MAC sequence the way I want it.
    
    Yes, thank you very much for pointing this out.  This is a big downside
    to the approach I suggested, which I somehow overlooked at the time, and
    it might be the spike in the coffin that kills this approach to ordering.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 22:35:50 PDT