On Wed, Sep 05, 2001 at 12:08:42PM +1000, Lachlan McIlroy wrote:
> Well here it is... it's an updated version of Stephen
> Smalley's repost (thanks for the patch Stephen). The
> patch doesn't fix all our problems but it does improve
> our situation considerably as it will continue to make
> LSM an option for us. We would, of course, like the
> entire patch to be committed but we aren't expecting that
> to happen. Most of the changes are independent of each
> other so it is not necessary to have the entire patch
> committed (at least not at once :-)). Some changes, like
> to fs/namei.c:permission(), are both simple and critical
> to our needs so please don't reject these changes because
> of other more intrusive ones.

Ick. You move capable() calls inside of the big kernel lock. You mess
with the logic order in ptrace() which is _very_ dangerous (see all the
ptrace exploits lately to understand why this is some fragile code.)

And then there's my general reason of not liking the authoritative
patches for now at all :)

greg k-h