Re: [PATCH] LSM networking: netlink hooks for 2.5.59 (6/8)

From: David S. Miller (davemat_private)
Date: Thu Jan 30 2003 - 15:19:47 PST


    This one is not acceptable, you're adding a function call to
    every netlink SKB receive even in the case where security
    is disabled.
    
    Capability testing is a very simple bit test, there is no
    justification for calling these cap_netlink_{send,recv}() things
    externally for such a simple operation when security is disabled.
    
    It is things like this that make me still totally hate the networking
    security changes.  It is like a virus that is spreading throughout the
    entire tree.  It is a bunch of strange tests that have to be
    maintained which do external calls to modules that are not even in the
    source tree so I can't even see how the callbacks are used (no, the
    fact that there is documentation of the callback doesn't change this
    issue, and no I'm not going to some site to download a bunch of
    security modules every time I need to make changes in these areas).
    
    Frankly, while I'm very happy about the fixup of the security
    overhead, these changes are still way too invasive.  This stuff
    is garbage.
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
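
The trade-off raised in the message above, as an added user-space sketch that is not code from the patch or from the kernel: a hook that collapses to the inline capability bit test when security is compiled out, and only becomes an indirect call when it is compiled in. Every `demo_`/`DEMO_` name is a hypothetical stand-in, and the sample messages in `main` are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for illustration; not the kernel's definitions. */
#define DEMO_CAP_NET_ADMIN 12u
#define DEMO_CAP_MASK(c)   (1u << (c))

struct demo_skb { uint32_t eff_cap; };  /* sender's effective capability set */

/* The "very simple bit test": one mask-and-compare at the call site. */
static inline int demo_cap_netlink_recv(const struct demo_skb *skb)
{
    return (skb->eff_cap & DEMO_CAP_MASK(DEMO_CAP_NET_ADMIN)) ? 0 : -EPERM;
}

#ifdef DEMO_CONFIG_SECURITY
/* Security compiled in: dispatch through a module-supplied callback table. */
struct demo_security_ops { int (*netlink_recv)(const struct demo_skb *); };
static int demo_default_recv(const struct demo_skb *skb)
{
    return demo_cap_netlink_recv(skb);
}
static struct demo_security_ops demo_ops = { demo_default_recv };
static inline int demo_security_netlink_recv(const struct demo_skb *skb)
{
    return demo_ops.netlink_recv(skb);  /* indirect call per received message */
}
#else
/* Security compiled out: the hook is the inline test, no call is emitted. */
static inline int demo_security_netlink_recv(const struct demo_skb *skb)
{
    return demo_cap_netlink_recv(skb);
}
#endif

/* Receive-path model: count how many messages pass the check. */
int demo_count_accepted(const struct demo_skb *skbs, size_t n)
{
    int accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (demo_security_netlink_recv(&skbs[i]) == 0)
            accepted++;
    return accepted;
}

int main(void)
{
    /* Constructed sample: one privileged sender, one unprivileged. */
    struct demo_skb in[2] = { { DEMO_CAP_MASK(DEMO_CAP_NET_ADMIN) }, { 0 } };
    return demo_count_accepted(in, 2) == 1 ? 0 : 1;
}
```

Building with and without `-DDEMO_CONFIG_SECURITY` and comparing the disassembly of `demo_count_accepted` shows whether the per-message call is present.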
    



    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 15:36:33 PST