On Tue, Jul 31, 2001 at 06:00:50PM -0400, Valdis.Kletnieksat_private wrote: > If we go to authoritative hooks, and stack your module, how close does > that get us to the original "simple assurance" goal? Is this someplace > that a reasonable compromise can be reached? As an off-the-cuff response, using jmjones' two-return-value restrictive piece to handle the kernel logic + module logic, together with providing copies of data rather than the actual data, will provide the simple assurance we are after -- as long as the 'simple assurance module' is run over several times by different auditors. I am currently of a split mind (surprise surprise :) -- while I do like our current stab at simple assurance, fixing the ordering to help out both sgi and WireX in our mutually exclusive goals (our Good Plan For World Domination? :) sure is tempting... Perhaps, like C's type checking, providing *some* assurance is nice, but module writers, like C programmers, can still shoot themselves in their feet. C doesn't provide everything, and I don't think we can either, but does that mean we shouldn't try to help simple assurance when we can? *sigh* _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 15:11:25 PDT