Re: [PATCH] remove sys_security

From: Richard B. Johnson (rootat_private)
Date: Fri Oct 18 2002 - 09:52:49 PDT

  • Next message: Greg KH: "Re: [PATCH] remove sys_security"

    I think, if you are going to reserve a system-call for "security",
    all you need is one. And, I think you need to reserve one.
    
    By default, it calls a dummy procedure that just returns "okay".
    The security folks can write a module that interfaces with this
    one security-hook. You only need one such hook because a system
    call can get a pointer to some structure that tells it what to
    do. You don't need "N" system calls, only one.
    
    Such a simple hook is quite likely the way-to-go. No cruft in
    the kernel, and upon some reported error, the development people
    can say; "Unload the security module and see if you still have
    the error..."
    
    Cheers,
    Dick Johnson
    Penguin : Linux version 2.4.18 on an i686 machine (797.90 BogoMips).
    The US military has given us many words, FUBAR, SNAFU, now ENRON.
    Yes, top management were graduates of West Point and Annapolis.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 09:53:31 PDT