On Tue, 31 Jul 2001 Valdis.Kletnieksat_private wrote: > On Tue, 31 Jul 2001 15:43:25 EDT, jmjonesat_private said: > > > It is conceivable that a module COULD change fields in this structure > > that would later circumvent in-kernel security checks, interfering with > > the in-kernel checks and, likewise, with the "simple assurance argument". > > > Some Solutions: > > > > Allow authoritative hooks, which are applicable if the "simple assurance" > > argument drops below radar, imho. (In essence, abandon the "simple > > assurance argument" completely.) > > Umm.. if a module could screw with the structure, it can screw with the > authoritative hooks. Agreed. This solution was only posed as an option that would "disregard" the "simple-assurance" argument, while recognizing the arguments that have come before. Quite logically, ANY compromise of the module COULD compromise the kernel. The real issue here is "simple-assurance" and And ANd AND how it's been used in arguments before now. I submit that the interface developed doesn't enjoy any such property. I ask... do we want to rework it to recover that property, or not? And, if NOT, do we want to reconsider the arguments that have been "dismissed" before based on that concept. > Valdis Kletnieks > Operating Systems Analyst > Virginia Tech > J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 13:38:31 PDT