Re: OLS Bof info

From: richard offer (richardat_private)
Date: Mon Jul 01 2002 - 21:52:18 PDT

  • Next message: Chris Wright: "Re: Module Identifier" 

    * sarnoldat_private at '7/1/02 4:11 PM -0700'
*
* On Mon, Jul 01, 2002 at 03:20:14PM -0700, MAILER-DAEMONat_private wrote:
*> I think we need to support running older modules on newer LSM
*> infrastructures, otherwise we're going to get into a viscious circle of
*> version-chicken (a module wants version LSM version X, version X wants
*> kernel Y, but I also need kernel Z (LSM version != X) because that is
*> the  only version for which feature Q is available)...
*
* Richard, all it will take for older modules to run on newer kernels with
* different LSM interfaces (more hooks) is a recompile. Of course, the
* minute that kernel gets to a NULL entry in the security ops structure,
* it will Panic... (Nah, Chris's sanity checking code should find this
* problem, I think.)
*
* When your module doesn't have an entry that is in a new interface, you
* could do one of two simple things: (1) write a stub to return success
* (2) write a stub to return failure. If your module wants to think about
* it, you could write a function to actually think about it. :)
*
* I'd be pretty surprised if this becomes a problem. :)

Do you want to make it a beer bet :-) ?


Someone is going to want a module on a newer version of the kernel than I 
support/use. One way to handle this would be to take patches from them an 
incorporate into my master copy of the module...but opps those hooks aren't 
available in my code... Now I've got to ifdef the code... But on what ? The 
LSM version doesn't get incremented...

This is going to happen when it gets accepted into the mainline, and 
someone backports it to 2.4, the 2.5 and 2.4 LSM infrastructures will 
diverge as each maintainer takes different patches on different days.


And this assumes that Chris's sanity checking code is in there.


richard.

-
richard offer @ home                        DSS  3072/1024 0x8AFBBFA3
        84 FE 48 E4 74 D0 26 D4  31 8E B6 86 98 74 E2 7C  8A FB BF A3
_____________________________http://www.whitequeen.com/users/richard/
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

    This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 01:45:42 PDT