Re: Common header for security blobs

From: jmjonesat_private
Date: Thu Sep 06 2001 - 14:25:07 PDT


    On Thu, 6 Sep 2001, Crispin Cowan wrote:
    
    > jmjonesat_private wrote:
    > 
    > >In for a (pint), in for a pound... since we stuck an integer in the system
    > >call that identifies the module, sticking it here is not a great big deal.
    > >
    > No: we stuck an integer parameter into the system call that COULD be 
    > used to identify the module.  It could also be used to identify the day 
    > of the week, or the gross weight tonnage of your module when encoded on 
    > paper tape.  The point of that decision was to enable people who want to 
    > use it for module identification to do so, without burdening LSM with 
    > the "global registry" problem of creating a common list of module 
    > identifiers.
    > 
    > I agree with Greg: anyone who wants to stack modules has to be aware of 
    > what they are stacking.  
    
    
    To clarify my opinion, I think both this and the system call argument are
    addressed by the same arguments.  I don't see the need for either,
    officially, but I do see the need for modules to maintain SOME system to
    do this. Creating a "common" method is not necessary, but a convenience to
    some (many?) that is not particularly costly, imho. 
    
    Just like that INT passed, I don't see significant technical harm in doing
    it here, but think we're on a slippery-slope.  Do we want to perpetuate a
    shared mechanism to identify the module throughout the interface/hooks,
    even if it's "innocuous"?  I think if we say "yes" and add this
    structure, we'll have to add more before the thing's done... but I'm not
    going to get all excited about this one. :)  I don't think the total cost
    is outrageous, and it may be "convenient" in a general sense.
    
    J. Melvin Jones
    
    > Crispin 
    > 
    > -- 
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    > Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    > 
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


