Casey Schaufler wrote:

>The capable()+restrictive scheme fails if the existing kernel
>code short circuits out on failure, and there's no reason it
>shouldn't if hooks are documented as restrictive. Any performance
>optimizer (and the Linux community is full of 'em) will look
>at code which calls a restrictive hook after a failure case and
>"fix" it, in what for our nefarious purposes would be the
>veterinary sense.
>

However, the "authoritative" change that is being proposed ALSO short-circuits on DAC failure. That is a BIG part of the question of "is this good enough for SGI's purposes?"

Most of the people messing with the code believe that it is infeasible to insert an authoritative hook on every short-circuit case. So, in no event are we going to get "no short circuiting". With that in mind, does the "kinda authoritative" approach embodied in Stephen's patch -> Lachlan's patch -> Chris Wright's patch present a substantial improvement in LSM usefulness to SGI?

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 16:11:34 PDT