At present, if you accidentally miss a hook function when writing your security module, you don't get any kind of warning unless it happens to be one of the top-level hooks (checked by security/security.c:verify). This happened to the SELinux security module. Back at the beginning of August, a set of additional hooks were added to task_security_ops by Lachlan, and I missed the getscheduler hook when I updated the SELinux module. We made three releases of the SELinux security module without noticing this problem, and only happened to find it after a user reported a complete system lockup upon running mozilla on the third release. Even then, it wasn't easy to track down - we didn't get any kind of kernel Oops until we rolled forward to 2.4.13-pre6, just a complete lockup. Although this was my mistake, it would be nice if the verify function would catch these kinds of mistakes. But simply expanding the current set tests for each individual hook function pointer seems painful and may not be well-maintained as new hooks are added. Is there a simpler way to validate the entire structure? -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 10:23:35 PDT