Re: Authoritative Hooks

From: Rik van Riel (rielat_private)
Date: Mon Nov 05 2001 - 12:15:00 PST

  • Next message: Casey Schaufler: "Re: Authoritative Hooks"

    On Mon, 5 Nov 2001, Casey Schaufler wrote:
    > Crispin Cowan wrote:
    > >    1. It is more invasive.
    > >    2. It increases the likelihood that modules can accidentally
    > >       undermine the base logic.
    > >    3. It increases the likelihood that the LSM patch will introduce an
    > >       error into the base kernel.
    > It remains our opinion, based on a dozen years experiance
    > with similar intergartion issues, that these arguements are
    > insignificant in the face of the extreme limitations of
    > the restrictive hook scheme.
    I bet your dozen years of experience haven't dealt with
    trying to sneak code into Linux, though. ;)
    I have to agree with Crispin that it'd be much better to
    get the something "easy" into the kernel first, only when
    the code base has been in the kernel for a while and the
    other kernel developers trust it, new features can be
    It really looks like the choice LSM is facing only has
    two alternatives:
    1) get something simple, relatively non-intrusive included
       with the kernel
    2) submit something with all bells and wistles, just to
       have certainty the thing will never be accepted
    I'd say we do our best to get LSM into the kernel.
    DMCA, SSSCA, W3C?  Who cares?  (volunteers needed)
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Nov 05 2001 - 12:16:31 PST