Re: MAC before DAC vs DAC before MAC

From: Crispin Cowan (crispinat_private)
Date: Thu Jul 26 2001 - 14:21:30 PDT

  • Next message: richard offer: "Re: MAC before DAC vs DAC before MAC"

    jmjonesat_private wrote:
    
    > If the idea was to provide information only to the in-module checks
    > without allowing it to override the result authoritatively by allowing
    > permission where there was none, a kludge might be something like:
    >
    >    int rv1 = 0, rv2=0;
    >
    >    if (... in-kernel check fails...)
    >      rv1 = -EPERM;
    >
    >    rv2 = security_ops->hook(rv1, ...);
    >
    >    if (rv2) return rv2;
    >    if (rv1) return rv1;
    > ...
    > Other than allowing the module to override a restriction with a
    > permission, does this represent a "restrictive_only" compromise that
    > might be useful to anybody?
    
    Allowing the module to override a restriction with a permission is precisely
    what makes it an authoritative hook.  Your proposal has no advantages over
    Wagner's that I can see (it appears to be semantically equivalent) and is more
    complex.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:49:31 PDT