* richard offer (offerat_private) wrote:
>
>
> * frm chrisat_private "09/24/01 16:23:06 -0700" | sed '1,$s/^/* /'
> *
> * OK, the above is exactly why i think kernel developers are concerned
> * about the combination of LSM and proprietary binary only modules.
> * LSM _does_ require significant change to the Linux kernel. So now you
> * have a module that is based on major change to kernel. In addition these
> * changes make it possible to easily fundamentally change the behavior of
> * the linux kernel with a binary only proprietary module (this is precisely
> * why there is no interface to change the syscall table).
>
> So you're saying that with the current state of Linux, that there is no way
> that I can write a (non security) loadable module that changes the
> behaviour of the existing kernel ?
>
> What's technically to stop me writing a device driver that replaces the
> existing capable() code with my own implementation ? Likewise with
> intercepting and replacing system calls ?

#include <IANAL.h>

nevermind the static inline nature of capable ;-)

what i'm relaying is what i've read during the many flamewars regarding
binary only linux modules. specifically, with the syscall table, i was
referring to _adding_ syscalls, sorry for not being more specific.

for some recent readings... see this lwn article:

http://lwn.net/2001/0524/
"The boundaries of the GPL"

and this one:

http://lwn.net/2001/0614/kernel.php3
"A new networking patch pushes the limits of what modules can do"

-chris
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 18:42:34 PDT