On Wed, 2002-10-02 at 23:55, Seth Arnold wrote: > We've said on this list a few times that it is important for security > module authors to understand the implications of their decisions. > Deciding to not mediate module parameters is a valid decision. Deciding > to mediate module parameters is a valid decision. One requires very > little thought and sidesteps the matter entirely. The other requires > quite a bit of thought and is difficult to get right -- but that is not > a problem for LSM, per se; it is for the authors of security modules. In many cases I disagree. Garbage in - garbage out. That goes for security policy decisions as well as the revenue. The security modules must get data that is sufficient to make the decision, locked correctly and with a defined scope and lifespan. For example passing an ascii path without thought is useless because you would race name lookups against things like symlinks. The same goes for audit stuff which is one of the reasons snare needs a lot of work yet Alan _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 16:01:34 PDT