On Wed, Oct 02, 2002 at 07:39:40PM +0100, Christoph Hellwig wrote:
> > It seems to me that you're arguing both sides here - first you say that
> > a full code audit is needed so you know 'WTF is going on', and then you're
> > saying that it's impossible to know.
>
> The person who performs the audit can know it. But how often will that be
> the author of the LSM module?
We've said on this list a few times that it is important for security
module authors to understand the implications of their decisions.
Deciding to not mediate module parameters is a valid decision. Deciding
to mediate module parameters is a valid decision. One requires very
little thought and sidesteps the matter entirely. The other requires
quite a bit of thought and is difficult to get right -- but that is not
a problem for LSM, per se; it is for the authors of security modules.
-- http://immunix.org/
This archive was generated by hypermail 2b29 : Mon Oct 07 2002 - 22:00:36 EST