Re: Common header for security blobs

From: Greg KH (gregat_private)
Date: Thu Sep 06 2001 - 10:54:50 PDT

  • Next message: Chris Wright: "Re: quotactl hook"

    On Thu, Sep 06, 2001 at 02:18:09PM +1000, Lachlan McIlroy wrote:
    > 
    > Any other reasons for or against this idea are welcome...
    > but 'general reasons' will be frowned upon.
    
    How about the "general reason" that it's up to the module that is doing
    the stacking to handle all of this itself?  :)
    
    Seriously, stacking modules is not nice.  I know people want to do it,
    and more power to you, that's why the hooks in the register security
    module function are there for you.  If you do it, you had _better_ know
    what you are stacking, and handle all of the passing the blobs around
    properly.
    
    But defining a common header right now doesn't make much sense.  But if
    people are willing to move their security projects into the kernel tree
    then some kind of commonality could be done in the future.
    
    I do recommend using a "magic value" as the first field of the security
    blob like Stephen mentioned.  That's just good defensive programming.
    
    In short, if you want to do module stacking, you have to do all the
    heavy lifting yourself.
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 10:56:55 PDT