On Fri, 26 Oct 2001, Chris Wright wrote:

> hmm, i guess this is possible. of course, a NULL pointer is the same as
> a useful pointer that returns a-ok. it's nice to sanity check as much
> as possible. how about we leave this for the time being, given the work
> arounds (good pointer, return 0 implementation, bad non-zero pointer)?

Actually, that's not true. A NULL pointer, checked by the caller, might prevent a call and a kernel-panic. I agree that sanity-checking is most useful in development, but the difference that I see is that there MUST be a valid "a-ok" function for a hook, but there need not be a valid pointer to a function passed in the structure during the call. Having the kernel CHECK, irrevocably, the values in a parameter smacks of "policy imposition" to me when it passes a pointer to another entity for review.

Again, based on the simple code for security_register(), I think that a full-verify is probably a good idea, but, by passing an unverified pointer to the module, you not only lose nothing but ALSO gain something: the module can use that pointer for another purpose, or verify that it is proper within the context of its registration.

Remember, a module family is assumed (by LSM) to KNOW the nature of the passed information from other modules of the same family.

The check is inappropriate in mod_reg...

Sincerely,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module