Casey Schaufler wrote: >To my mind the difference between C+R and Auth is based on >the impact it has on someone who is reading the code for some >reason other than adding security features. [...] > >That's how I see it. Maybe I'm splitting hares, but I'd >rather sacrifice rabbits than unsuspecting kernel developers. Agreed. I don't think you are splitting hares, and I do agree that this is a good reason to prefer authoritative hooks over the capable+restrictive trick. Good software engineering is important, when security is on the line. This is indeed a potential benefit of authoritative hooks, if you're implementing security logic that is inherently authoritative in nature (i.e., it overrides kernel decisions). I think many of us are just worried that the potential costs of authoritative hooks may outweigh the benefits. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Nov 10 2001 - 16:41:47 PST