* frm gregat_private "08/10/01 13:38:21 -0700" | sed '1,$s/^/* /' * * On Fri, Aug 10, 2001 at 04:33:47PM -0400, jmjonesat_private wrote: *> *> No argument that support for stacking arbitrary modules is totally out. *> *> If there really is no need for a module_id in the syscall code for *> needs other than stacking (and it's not NEEDED for stacking, it just *> complicates it), and it's not going to be implemented at all, *> I agree completely. It gets in the way. *> *> If it's there to address a legitimate need, I'd like to see it actually *> work with stacking and not encumber it, in the simplest incarnation *> possible. :) I can't imagine a simpler incarnation than just passing a *> 32-bit integer through and letting the module deal with it... no *> registration necessary. * * I haven't seen any point so far that shows a legitimate need. * Everything I've seen talks about stacking modules. Hence the current * version in the tree. But have I missed anything? Its not only the application, but the module too, if I know that I'm being called from an application that is my policy aware, I can be less conservative about checking the values of the parameters since those would have been generated correctly by my policy specific application library layer. Using a simple array of longs turns the system call into a private protocol, there should be someway to confirm that both ends are indeed talking the same private protocol. * * thanks, * * greg k-h * richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 14:45:00 PDT