richard offer wrote:

> Forking linux is nothing compared to nightmare that you get with forking all
> the applications.

I agree with Seth: hacking an application to use the module(s) system call(s) is forking the application, so you've already swallowed that issue.

> Let's summarize.

Good idea.

> In the blue corner we have people that seem to want a system call means
> to determine confirm an application is talking to the right policy
> Stephen, David, Richard, Casey

I'm not sure that's entirely accurate. I believe Stephen is on the fence, but we'll see on Wednesday.

> In the red corner we have people who think it should be done via /proc
> Greg, Jesse,

As already commented, Greg's view is actually "not syscalls", and he suggests /proc and list_modules as alternatives. Add me to this column.

> In the green corner we have those that think it's un-needed
> J. Melvin

I'd be surprised if JMJ doesn't think an identification method is needed.

> The semi-interesting point is that Stephen and myself are both working on
> projects that involve a complete linux distribution.

Immunix is also working on such a system.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 00:15:50 PDT