From: Greg KH <greg@kroah.com>
To: Anton Altaparmakov <aia21@cam.ac.uk>
Cc: Hans Reiser <reiser@namesys.com>, LA Walsh <law@sgi.com>,
reiserfs-dev@namesys.com, linux-kernel@vger.kernel.org,
reiserfs-list@namesys.com
Subject: Re: Security hooks, "standard linux security" & embedded use
Date: Thu, 12 Jul 2001 11:47:29 -0700 [thread overview]
Message-ID: <20010712114729.B735@kroah.com> (raw)
In-Reply-To: <3B49F602.DB39B3A@sgi.com> <3B4DDFD8.27C1C3D9@namesys.com> <5.1.0.14.2.20010712192608.0365e588@pop.cus.cam.ac.uk>
In-Reply-To: <5.1.0.14.2.20010712192608.0365e588@pop.cus.cam.ac.uk>; from aia21@cam.ac.uk on Thu, Jul 12, 2001 at 07:37:36PM +0100
On Thu, Jul 12, 2001 at 07:37:36PM +0100, Anton Altaparmakov wrote:
>
> This seems very good in view of implementing ACL support for NTFS, too. -
> We have all the NTFS layout knowledge to do it now. We just lack the
> kernel/user space infrastructure.
>
> When designing this modular security infrastructure it would be useful if
> it is made generic enough to allow callbacks into user space for permission
> checking.
The current model lets you do whatever you want in your kernel module.
It imposes no policy, that's up to you.
All the better to keep userspace callbacks for security out of my
kernels, for that way is ripe for problems (for specific examples why,
see the linux-security-module mailing list archives.)
thanks,
greg k-h
next prev parent reply other threads:[~2001-07-12 18:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3B49F602.DB39B3A@sgi.com>
2001-07-12 17:35 ` Security hooks, "standard linux security" & embedded use Hans Reiser
2001-07-12 18:25 ` Greg KH
2001-07-12 18:37 ` Anton Altaparmakov
2001-07-12 18:47 ` Greg KH [this message]
2001-07-12 19:16 ` LA Walsh
2001-07-12 19:04 ` Anton Altaparmakov
[not found] <20010712112102.D32683@kroah.com>
2001-07-12 20:32 ` Crispin Cowan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010712114729.B735@kroah.com \
--to=greg@kroah.com \
--cc=aia21@cam.ac.uk \
--cc=law@sgi.com \
--cc=linux-kernel@vger.kernel.org \
--cc=reiser@namesys.com \
--cc=reiserfs-dev@namesys.com \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.