Re: [RFC] No more module_* hooks

From: Greg KH (gregat_private)
Date: Fri Sep 27 2002 - 13:13:27 PDT

    On Fri, Sep 27, 2002 at 02:28:45PM -0400, Stephen Smalley wrote:
    > 
    > On Fri, 27 Sep 2002, Greg KH wrote:
    > 
    > > Yes, I think this has always been the criteria for adding hooks.
    > 
    > If so, then this criteria wasn't well-communicated or well-enforced, as
    > there are a number of hooks in the LSM patch that are not used by any
    > of the publicly available security modules.  As I recall, there were a
    > number of hooks added after capable() calls to provide finer-grained
    > control over privileged operations without any specific security module
    > motivating the hook.
    
    Ok, then those hooks are up for removal too.  :)
    
    > I think that the rationale for some hooks was simply to provide a
    > consistent and comprehensive interface for controlling kernel operations
    > and kernel objects.
    
    And for modules that actually used these interfaces.  At the beginning
    of the project, we didn't know who was going to use this stuff, as no
    projects had been ported.  Now that at least 3 major projects have been
    ported to the interface, it's time to look at those original decisions
    and see which ones were proven wrong.
    
    Obviously the module_* hooks were wrong to do, as they are not being
    used.  So I want to remove them.
    
    I think we should go back through all of the hooks and check to make
    sure that they are in use, and that they are sanely protecting what we
    think they are protecting, before we submit them to the main kernel
    tree.
    
    Is this ok?
    
    thanks,
    
    greg k-h
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 13:16:24 PDT