On Fri, 16 Nov 2007, Eric Paris wrote:
> When this protection was originally concieved it intentionally was
> offing something even without an more 'full featured' LSM. That was the
> whole reason I had to drop the secondary stacking hook inside the
> selinux code.
>
> While I now understand the question, I think that this is the behavior
> most people would want. I'll revert the security enhancement for
> non-LSM systems if others agree with James, but I think adding another
> small bit of protection against kernel flaws for everyone who wants
> security is a win. (and remember, in kernel we still default this to
> off so noone is going to 'accidentally' see and security checks in the
> dummy hooks)
If it's off by default and generally useful across LSMs, why not just put
it in the base kernel code?
- James
--
James Morris <[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
