Re: [RFC] LSM changes for 2.5.38

• Previous message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 02, 2002 at 07:39:40PM +0100, Christoph Hellwig wrote:
> > It seems to me that you're arguing both sides here - first you say that
> > a full code audit is needed so you know 'WTF is going on', and then you're
> > saying that it's impossible to know.
> 
> The person who performs the audit can know it.  But how often will that be
> the author of the LSM module? 

We've said on this list a few times that it is important for security
module authors to understand the implications of their decisions.
Deciding to not mediate module parameters is a valid decision. Deciding
to mediate module parameters is a valid decision. One requires very
little thought and sidesteps the matter entirely. The other requires
quite a bit of thought and is difficult to get right -- but that is not
a problem for LSM, per se; it is for the authors of security modules.


-- 
http://immunix.org/

• application/pgp-signature attachment: stored

• Next message: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"
• Previous message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• In reply to: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Next in thread: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"
• Reply: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 15:56:40 PDT