Re: quotactl hook

From: Crispin Cowan (crispinat_private)
Date: Wed Sep 05 2001 - 16:10:35 PDT

  • Next message: Chris Wright: "Re: quotactl hook"

    Casey Schaufler wrote:
    
    >The capable()+restrictive scheme fails if the existing kernel
    >code short circuits out on failure, and there's no reason it
    >shouldn't if hooks are documented as restrictive. Any performance
    >optimizer (and the Linux community is full of 'em) will look
    >at code which calls a restrictive hook after a failure case and
    >"fix" it, in what for our nefarious purposes would be the
    >veterinary sense.
    >
    However, the "authoritative" change that is being proposed ALSO 
    short-circuits on DAC failure.  That is a BIG part of the question of 
    "is this good enough for SGI's purposes?"  Most of the people messing 
    with the code believe that it is infeasible to insert an authoritative 
    hook on every short-circuit case.
    
    So, in no event are we going to get "no short circuiting".  With that in 
    mind, does the "kinda authoritative" approach embodied in Stephen's 
    patch -> Lachlan's patch -> Chris Wright's patch present a substantial 
    improvement in LSM usefulness to SGI?
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 16:11:34 PDT