On Thu, 25 Oct 2001, richard offer wrote: > With no subsequent discussion following posting of the last patch (which > incorporated changes to meet Chris's suggestions) all the issues appear to > have been put to bed so there should be no reason for not moving forward > with this. Although I know that the following two items have been previously discussed, I still think that they need to be changed: 1) The init_module hook placement. This hook should really be called after the module has been sanity-checked and copied into kernel space so that a security module has the option of performing a check based on the module content. The module name is rather useless as a means of checking. I understand what you are trying to do in co-locating the hook call with the capable call, but it isn't clear that it is necessary. The CAP_SYS_MODULE capability is only checked by the module system calls, and it is always followed (eventually) by one of the LSM hook calls. So this is a case where restrictive+capable is good enough. The same is true for all of the module system calls. 2) The rmb call in ptrace. I see no valid reason to make this conditional, and it just makes the code uglier. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 08:33:30 PDT