Re: Thinking about stacking in LSM: merge registering, add info about field use to security_operations

From: Crispin Cowan (crispinat_private)
Date: Mon Jul 22 2002 - 08:22:16 PDT

  • Next message: Greg KH: "Re: Another version of stacker.c (URL attached) - Locking."

    Lachlan McIlroy wrote:
    
    > This interface is abstract enough that it will support
    > nested multiplexing modules (if anybody wants such a
    > feature - you could even have a B-tree of LSM modules
    > where the module id is the key!). 
    
    Eek! Gad, what a frightening prospect :)
    
    Such a configuration would make it a nightmare to guess whether a given 
    operation is permitted or not, creating problems both for legitimate 
    application developers and users (who want to know what they can do), 
    and for security system administrators (who want to know exactly what is 
    permitted and what is not).
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 10:55:45 PDT