On Wed, 22 Aug 2001, Seth Arnold wrote: > I am probably forgetting something obvious, but I can't recall why the > change was suggested. The authoritative hooks allow SGI to cause the MAC checks to take precedence over the DAC checks and to audit the DAC decision (i.e. The hook performs the MAC check. If it fails, then it returns the MAC error. If it succeeds, the hook returns the kernel decision that was passed to it, optionally auditing it as well). > gives up a useful software engineering bug-resistence tool > prefer to keep the bug resistent restrictive hooks in place. See my response to Greg on this issue. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 05:13:50 PDT