On Mon, 6 Aug 2001 jmjonesat_private wrote: > If you didn't think this [authoritative hooks] was reasonable, I also > wonder... "why bother?" At the time, I was making a major pass through all of the LSM hooks to fix or improve various aspects, and there had been substantial discussion about authoritative hooks, so I decided to experiment with implementing them at that time. That doesn't mean that I was sold on the idea of authoritative hooks, just that it seemed worth investigating. The resulting patch was definitely more invasive and more error-prone than for restrictive hooks (no surprise there), particularly for complex sequences of DAC logic. Furthermore, it was not always practical to provide an authoritative hook since the DAC logic was sometimes intertwined with the functional logic. Of course, in the latter case, it is also difficult to move the restrictive hook after the DAC logic. It was also not clear how much benefit was provided by the resulting patch, since the existing capable() hook could be used for coarse-grained permissive behavior or to completely override DAC. Fine-grained permissive behavior seemed easily deferable to a later phase of LSM. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 13:13:31 PDT