Re: Last question on rm -f unused_hooks*

From: Crispin Cowan (crispinat_private)
Date: Fri Oct 04 2002 - 19:52:12 PDT

  • Next message: James Morris: "Re: [RFC] No more module_* hooks"

    Greg KH wrote:
    >My criteria is, that I'm not going to send a patch off, for inclusion in
    >the main kernel tree, that contains a hook that is not needed by a
    >released, GPLed, module.
    Thanks. That's what I thought, but it's good to know for sure.
    >>I accept that it is the Linux way to remove interfaces that are not 
    >>being used. I think it's dumb, but what I think doesn't matter; it's 
    >>what will get into the kernel.
    >It's not dumb.  Why would you think it is dumb?  Why would you expect
    >people to support interfaces that are not being used?  That's just
    >wasteful, and causes unneeded bugs and bloat.
    I am a big fan of parsimony (ruthless simplicity in design & 
    implementation). However, IMHO it's dumb to *blindly* apply a rule of 
    "cut anything not presently being used." That's a good guideline, but it 
    has to be used in context.
    The context here is that we're trying to build an abstract interface 
    between the kernel and security modules. But since we don't yet know the 
    scope of things people will try to do with the interface, it is 
    important that the interface be abstract and regular:
        * anything you can enable you can disable
        * anytime you mediate one kind of object, you should mediate similar
        * similar objects should all be mediated at the same level
        * etc. etc.
    IMHO, at this point in the evolution of the LSM interface "I can't find 
    anyone using this hook" should not be sufficient grounds to cut it. 
    IMHO, sufficient grounds would be any of the following:
        * No one is using a hook and it is a performance penalty.
        * No one is using a hook and it is uniuqe, i.e. not an abstract dual
          of something that is being used.
        * Regardless of whether someone is using a hook, remove it if the
          thing it is mediating is completely bypassable. Alternative: add
          additional hooks until it is no longer bypassable. Engage brain
          before choosing one or the other :)
    Following these guidelines keeps LSM from turning (any more :) into an 
    ugly, ad hoc mass of random hooks.
    Sure, cut what's not needed. But "no one's using it *yet*" is weak 
    evidence for "not needed" in a young interface.
    That's my philosophy of design. But since I don't own the code we're 
    trying to push into, we have to accomodate the code owners as best we can.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX            
    Security Hardened Linux Distribution:
    Available for purchase:

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private

    This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 19:54:12 PDT