* jmjonesat_private (jmjonesat_private) wrote:
>
> Does getting rid of it advantage LSM, or just disadvantage other
> solutions?

i have no idea what you mean. this is all about LSM, and LSM only. this has nothing to do with anything else. please, look at the patch, it speaks for itself.

> Did LSM export this symbol FIRST, and does the kernel code NOT export it
> in release 2.4.14 without LSM?

this symbol does not exist in 2.4.14. this is all about LSM and LSM only. please look at the patch, it speaks for itself.

> IFF (if and only if) LSM is accepted, there is substantial, definitive
> risk related to exporting these symbols. Otherwise, there may be some
> value to this export.

there is definitive and substantial risk. namely, one could overwrite the entire capabilities operations structure (simply) from within the kernel. so what? once you've loaded a malicious module into the kernel, game over...so it isn't much of an argument. (and of course, we export the security_ops pointer as well, and yes, i'd like to remove that as well, but currently the dte project and the lsm_ip_glue rely on it being exported, so i'll wait).

jmjones, please understand the patch before making allegations that this is political, or favoring LSM vs. 'other solutions'.

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 16:33:42 PST