Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations

Previous message: David Wheeler: "Re: Another version of stacker.c (URL attached) - Locking."
In reply to: Lachlan McIlroy: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"
Next in thread: Chris Wright: "Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

crispinat_private

Lachlan McIlroy wrote:

> This interface is abstract enough that it will support
> nested multiplexing modules (if anybody wants such a
> feature - you could even have a B-tree of LSM modules
> where the module id is the key!). 

Eek! Gad, what a frightening prospect :)

Such a configuration would make it a nightmare to guess whether a given 
operation is permitted or not, creating problems both for legitimate 
application developers and users (who want to know what they can do), 
and for security system administrators (who want to know exactly what is 
permitted and what is not).

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module