* frm sdsat_private "09/05/01 14:05:46 -0400" | sed '1,$s/^/* /'
*
*
* Right. I'm not clear as to where this issue is headed now. It seems
* like Chris Wright issued a challenge to SGI to demonstrate that the
* existing capable hook wasn't sufficient. Lachlan gave an example where
* capable is called even when the DAC logic would succeed, but also said
* that this wasn't an issue for SGI since the restrictive hook is called
* first. So it isn't clear to me that the case for authoritative hooks
* has been made.

capable() is not a substitute for authoritative hooks; there is
insufficient information available inside the hook on which to make any
decision that is more complex than "is this process running with
privilege".

Capable() was never intended to be used as a general purpose access
control vehicle.

* Stephen D. Smalley, NAI Labs
* ssmalleyat_private

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 11:22:34 PDT