* frm chrisat_private "09/24/01 16:23:06 -0700" | sed '1,$s/^/* /'
*
* ** Crispin Cowan (crispinat_private) wrote:
*>
*> The debate thread
*> http://mail.wirex.com/pipermail/linux-security-module/2001-September/002017.html
*> that Greg KH referred to is about whether LSM (security)
*> modules should ever be permitted to be proprietary. Some feel that all
*> LSM modules should be OSD-compliant Open Source software, while others
*> feel that LSM should continue the existing Linux module policy of
*> permitting proprietary modules only if they do not require changes to
*> the Linux kernel (which would make them a derived work of the kernel).
*
* OK, the above is exactly why I think kernel developers are concerned
* about the combination of LSM and proprietary binary only modules.
* LSM _does_ require significant change to the Linux kernel. So now you
* have a module that is based on major change to kernel. In addition these
* changes make it possible to easily fundamentally change the behavior of
* the linux kernel with a binary only proprietary module (this is precisely
* why there is no interface to change the syscall table).

So you're saying that with the current state of Linux, there is no way
that I can write a (non security) loadable module that changes the behaviour of
the existing kernel?

What's technically to stop me writing a device driver that replaces the existing
capable() code with my own implementation? Likewise with intercepting and
replacing system calls?

*
*
* -chris
*

-----------------------------------------------------------------------
Richard Offer
Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 16:44:38 PDT