jmjonesat_private wrote: >For the peanut gallery, and because this concern seems to be outside LSM's >defined concern of "access restriction" (which is a hazy and largish >area), > Begging to differ, but "access control" is very well defined: it is the setting and enforcement of policies that determine which subjects (users, processes) may access which objects (files, other passive object) and subjects (processes can affect other processes). This is not just my humble opinion, these are formal definitions: see the classic Saltzer & Schroeder (again :-) http://web.mit.edu/Saltzer/www/publications/protection/index.html > I would like to state that I don't see the ptrace problem as being >within the interest/scope of LSM, but I do see it as being within the >scope of Linux Security. > Since ptrace is the interface by which some subjects (processes) affect other subjects, it is well within the formal definition of access control. QED. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Oct 28 2001 - 17:32:33 PST