I took a brief look at Richard Offer's authoritative hooks work; I think he's satisfactorily resolved the big question about authoritative hooks. One of the big concerns about the "authoritative" approach was that it would take a lot more code, and thus be a MUCH bigger patch. I haven't done a count, but by looking at the actual code, I think it qualitatively really isn't THAT much more code. It's obviously more flexible, and it solves several problems (e.g., the ordering issue mentioned before for SGI, etc.). We've already established that the restrictive approach is less helpful than previously thought, and that trying to do all things through capabilities was ugly. Richard has presented code as evidence, not just generic arguments, and I think he's made his case. Other comments? _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 06:41:29 PDT