On Mon, 26 Aug 2002, Greg KH wrote:

> Come on people, if there is a real problem, I'd be glad to deal with it.
> And as there is no posted code showing a problem, I think this thread
> should just die.

Chiming in before this thread "dies."

I fully understand the thinking behind the need for specifying the module id to the stacker so it can implement a policy regarding who gets the syscall, in which order, and what responses from which subordinate module should be returned in which way and how. I'll call that the "stacker policy."

This is not the place for a discussion of the value of one stacker-policy over another, IMHO, since there has long been a habit of not preferring ANY policy over another in modules... and a stacker is a module.

Perhaps ONE stacker will need to poll several modules to gain a consensus, another may give a SPECIFIC module full rights-of-rejection.

It seems that the attempt here is to provide a stacker that can adapt to "foreign" modules. The consensus has been that combining modules NOT written specifically to interoperate is a fool's game ... and potentially very dangerous. I believe there are techniques to address this problem already existent in module-families which are specifically CODED to interoperate.

While I absolutely agree with Cowen, Kletnieks, et al, I have to say that Greg's policy of "show the need with actual applications, then resolve a consensus as to how LSM can provide a common advantage to those applications, THEN... cautiously... add it to the interface" is more consistent with the past practices of this project and, therefore, should win the day, and better for overall Linux Security.

Yeah, I know... I'll be fighting FOR this change, eventually. But, for NOW, it's, IMHO, inconsistent.

I'm saving stuff like this for TNG, if it happens.

Push it to TNG?

J. Melvin Jones

*-------------------------------------------------------
* J. Melvin Jones            http://www.jmjones.com/
* Webmaster, System Administrator, Network Administrator
*-------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 11:28:31 PDT