On Thursday 18 July 2002 06:39 pm, Chris Wright wrote: > * David Wheeler (dwheelerat_private) wrote: > > It's not clear to me that a multiplexor could really > > "account for it properly", since it doesn't have the > > information it needs to detect this problem. Actually, > > It's simple. Keep a stack of security ptrs. Swap out for the module > specific ptr before you ask the module's opinion and iterate through > the module stack. Hmmm, seems like there would be complications. Consider a security module which, for whatever reason, does something like this: current->security->inheritable_trait = current->p_pptr->security->inheritable_trait; The left-hand side would be fine because of the swap, but would the right-hand side be? That is, would the multiplexor module swap the parent task's security ptr as well? It seems like a multiplexor module would be very hard with the current interface because modules are written to access the security blob directly. Matt _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 19:13:43 PDT