jmjonesat_private wrote:

>In for a (pint), in for a pound... since we stuck an integer in the system
>call that identifies the module, sticking it here is not a great big deal.
>

No: we stuck an integer parameter into the system call that COULD be used to identify the module. It could also be used to identify the day of the week, or the gross weight tonnage of your module when encoded on paper tape. The point of that decision was to enable people who want to use it for module identification to do so, without burdening LSM with the "global registry" problem of creating a common list of module identifiers.

I agree with Greg: anyone who wants to stack modules has to be aware of what they are stacking. This has been discussed before. It can be done in multiple (social) ways:

* you can have the "gang of 17" consortia of module providers who all agree to honor some convention of module identifiers, i.e. Wheeler's suggestion of MD5 on the module name.
* modules with grand ambitions (e.g. SELinux) can export their own module identifiers in some selinux_module_ids.h and everyone who wants to stack on top of selinux can do so by following selinux's protocols
* etc. etc.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 14:09:41 PDT