Chris Wright wrote: >* richard offer (offerat_private) wrote: > > >>A suggestion by David Wheeler was to use the first 8 chars of an md5sum, so >>I'm using >> >>/* sys_security modid >> * Generated from >> * echo "SGI Trusted Linux" | md5sum | cut -c -8 >> */ >>#define SYS_SECURITY_MODID 0xc4c7be22 >> >> >>This doesn't reqire a web infrastructure and yet is less susceptable to a >>human non-random number generator.... >> >> >Yes, I prefer this method. You could also use the module name. > I don't believe we can get people to consistently apply the same input string to md5sum. The likely result is that module numbers will just be pretty good 32-bit random numbers, but the 32-bit random numbers will not be obviously derivable from the module's name. This is likely ok: 4 gig is a big space for the world of LSM modules :) But I still believe that some form of documentation of "this modules number is 0x2989874" somewhere. But if we're just counting on 32-bit random numbers to be unique :) then we don't need a central registry. So I yield: Chris has better things to do than create a registry. There goes my plans for wealth through auctioning eleet module numbers :) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 14:48:27 PDT