* frm sdsat_private "10/30/2001 12:46:32 PM -0500" | sed '1,$s/^/* /' * * * On Tue, 30 Oct 2001, Greg KH wrote: * *> Since it has been proven that the version field of the struct *> security_operations is useless (it doesn't catch the problem of not *> defining a hook, and no other in kernel api has a version number), *> here's a patch that removes it from the code. *> *> Any objections to committing this? * * Well, the version field would catch an attempt to load a security module * built against a different version of the LSM security.h file. I don't * know if that is worthwhile, since people should always compile their * modules against the appropriate kernel headers. No real objection here. I think it depends on what our story is for binary compatability. As currently implemented the version string is of little use (Stephen got caught by missing hook functions, I've been caught in the past, likewise I suspect with everyone who's writing a module has been caught). There are two issues. During development of the module you'd want immediate notification if a new hook has been added that we're not prepared for, relying on security.h for version numbers wasn't working for this case. In production use we want to stop an old module being loaded into a new kernel. the existing version numbers in security.h (assuming they were incremented as they should be) would work for this case. Rather punting on the whole compatability story we should aim to fix the first problem so that versions are useful. * * -- * Stephen D. Smalley, NAI Labs richard. -- ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" ___________________________________________On sabatical Nov 8 -> Nov 30 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 10:08:05 PST