On Fri, Aug 10, 2001 at 02:43:14PM -0700, richard offer wrote:
>
> It's not only the application, but the module too, if I know that I'm being
> called from an application that is my policy aware, I can be less
> conservative about checking the values of the parameters since those would
> have been generated correctly by my policy specific application library
> layer.

Think about what you just said. Basically, "A simple value is all I need to validate that I am really running my trusted application so I will not do the normal kernel checks just for it, that I would do for any other program."

Remind me never to run your kernel modules on my machines :)

> Using a simple array of longs turns the system call into a private
> protocol, there should be some way to confirm that both ends are indeed
> talking the same private protocol.

Hence the argument "call". That defines the structure of the array of longs. How many different "identifiers" do you need before you understand what the syscall wants to do?

Hey, we're not inventing something new here, look at the network stack. This is a tried and true and fast way of doing things. When in doubt, copy something that works.

greg k-h

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
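
Added example, not part of the original message or of any kernel source: a user-space C sketch of a multiplexed call in which `call` fixes how many longs are read and every value is range-checked no matter which program made the call. The call numbers, limits and function names are hypothetical, and the bounded memcpy() stands in for a kernel's copy_from_user().

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical call numbers and limits for an imaginary policy module. */
enum { CALL_SET_LABEL = 1, CALL_GET_LABEL = 2, CALL_MAX = 2 };
enum { MAX_ARGS = 2, MAX_FD = 1023, MAX_LABEL = 255 };

/* Longs expected per call, indexed by call number. */
static const unsigned char nargs[CALL_MAX + 1] = { 0, 2, 1 };

static long do_set_label(unsigned long fd, unsigned long label)
{
    /* Checked for every caller; there is no "trusted application" shortcut. */
    if (fd > MAX_FD || label > MAX_LABEL)
        return -EINVAL;
    return 0;
}

static long do_get_label(unsigned long fd)
{
    return fd > MAX_FD ? -EINVAL : 7; /* 7 is a constructed label value */
}

/* uargs/ulen model the caller's buffer and its length in longs. */
long sec_dispatch(unsigned int call, const unsigned long *uargs, size_t ulen)
{
    unsigned long a[MAX_ARGS] = { 0 };
    if (call < 1 || call > CALL_MAX)
        return -EINVAL;                 /* unknown call: layout undefined */
    if (uargs == NULL || ulen < nargs[call])
        return -EFAULT;                 /* buffer shorter than the call needs */
    /* Snapshot the arguments once, then validate only the private copy. */
    memcpy(a, uargs, nargs[call] * sizeof(a[0]));
    switch (call) {
    case CALL_SET_LABEL: return do_set_label(a[0], a[1]);
    case CALL_GET_LABEL: return do_get_label(a[0]);
    }
    return -EINVAL;
}

int main(void)
{
    unsigned long ok[] = { 3, 10 }, bad[] = { 3, 4096 }; /* constructed inputs */
    printf("%ld %ld %ld\n", sec_dispatch(CALL_SET_LABEL, ok, 2),
           sec_dispatch(CALL_SET_LABEL, bad, 2), sec_dispatch(CALL_SET_LABEL, ok, 1));
    return 0;
}
```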