On Thu, 20 Jun 2002, Greg KH wrote: > Sounds like the same idea as CryptoMark: > http://www.immunix.org/cryptomark.html > But it uses GPG keys to sign binaries. I'll take a look... > It is a nice idea. Be careful of replacing syscalls, it's non-portable > and extremely racy. I'd recommend using the LSM interface for your > execve() hook, which removes all of those problems. We took extreme care to make sure that it *was* portable; how is replacing the system call, in the manner we've implemented it, non-portable (please excuse my obvious kernel-ignorance :-) > Code looks nice at first glance, I'll look it over some more later > tonight. > > thanks, No, thank you! Later, Paul -------------------------------------------------------------------- J. Paul Reed preedat_private || web.sigkill.com/preed Nothing satisfies more than a post-coital omelet of your own design. -- Will Farrell, Saturday Night Live, 5/18/02 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 19:14:19 PDT