Re: [RFC] LSM fix for stupid "empty" functions

Previous message: Olaf Dietsche: "Re: [RFC] LSM fix for stupid &quot;empty&quot; functions"
In reply to: Olaf Dietsche: "Re: [RFC] LSM fix for stupid &quot;empty&quot; functions"
Next in thread: Christoph Hellwig: "Re: [RFC] LSM fix for stupid &quot;empty&quot; functions"
Reply: Christoph Hellwig: "Re: [RFC] LSM fix for stupid &quot;empty&quot; functions"
Reply: James Morris: "Re: [RFC] LSM fix for stupid &quot;empty&quot; functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

gregat_private

On Sun, Dec 01, 2002 at 05:59:10PM +0100, Olaf Dietsche wrote:
> >  	VERIFY_STRUCT(struct security_operations, ops, err);
> 
> This shouldn't be necessary anymore.

Good point, I'll remove it.  It was a hack anyway :)

> You're patching other people's data structures. Not everybody may like
> this. Maybe it's even impossible on ROM based systems. Do you think a
> copy is doable? Just a thought.

Does the kernel work if data structures are in ROM?  I would think that
lots of variables in the kernel would have this problem :)

And yes, patching other people's data structures isn't the nicest thing
to do, but it was the simplest proposal I've come up with so far (we've
had a lot of other pretty "odd" proposals for this problem in the past.)

> >  	if (verify (ops)) {
> >  		printk (KERN_INFO "%s could not verify "
> 
> When ops is NULL, this check is too late.

Oops, forgot that, I'll go fix it up.

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module