On Thu, 6 Sep 2001, Crispin Cowan wrote: > jmjonesat_private wrote: > > >In for a (pint), in for a pound... since we stuck an integer in the system > >call that identifies the module, sticking it here is not a great big deal. > > > No: we stuck an integer parameter into the system call that COULD be > used to identify the module. It could also be used to identify the day > of the week, or the gross weight tonnage of your module when encoded on > paper tape. The point of that decision was to enable people who want to > use it fo rmodule identification to do so, without burdening LSM with > the "global registry" problem of creating a common list of module > identifiers. > > I agree with Greg: anyone who wants to stack modules has to be aware of > what they are stacking. To clarify my opinion, I think both this and the system call argument are addressed by the same arguments. I don't see the need for either, officially, but I do see the need for modules to maintain SOME system to do this. Creating a "common" method is not necessary, but a convenience to some (many?) that is not particularly costly, imho. Just like that INT passed, I don't see significant technical harm in doing it here, but think we're on a slippery-slope. Do we want to perpetuate a shared mechanism to identify the module throughout the interface/hooks, even if it's "innocuous"? I think if we say "yes" and add this structure, we'll have to add more before the thing's done... but I'm not going to get all excited about this one. :) I don't think the total cost is outrageous, and it may be "convenient" in a general sense. J. Melvin Jones > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Scientist, WireX Communications, Inc. http://wirex.com > Security Hardened Linux Distribution: http://immunix.org > Available for purchase: http://wirex.com/Products/Immunix/purchase.html > J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 14:26:40 PDT