From: Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>
To: Greg KH <greg@kroah.com>
Cc: linux-security-module@wirex.com, linux-kernel@vger.kernel.org
Subject: Re: [RFC] LSM fix for stupid "empty" functions
Date: Sun, 01 Dec 2002 17:59:10 +0100 [thread overview]
Message-ID: <87k7it3cbl.fsf@goat.bogus.local> (raw)
In-Reply-To: 20021201083056.GJ679@kroah.com
Greg KH <greg@kroah.com> writes:
> I'm _really_ tired of all of the "empty" functions that all security
> modules need to provide. So here's a brute force patch that lets any
> security module only set the functions that it wants to override. If
> the function is NULL, then the "dummy" function will be used instead.
>
> What do people think of this? I also cleaned up the comment in the
> verify function of security/security.c and made it not inline.
I second this. It's very annoying and error-prone to define lots of
unnecessary functions, not to mention maintainability.
> ===== security/security.c 1.4 vs edited =====
> --- 1.4/security/security.c Thu Oct 17 13:21:20 2002
> +++ edited/security/security.c Sat Nov 30 23:01:07 2002
[...]
> @@ -59,11 +61,8 @@
> /* Perform a little sanity checking on our inputs */
> err = 0;
>
[...]
> VERIFY_STRUCT(struct security_operations, ops, err);
This shouldn't be necessary anymore.
> @@ -106,6 +105,7 @@
> */
> int register_security (struct security_operations *ops)
> {
> + security_fixup_ops (ops);
You're patching other people's data structures. Not everybody may like
this. Maybe it's even impossible on ROM based systems. Do you think a
copy is doable? Just a thought.
> if (verify (ops)) {
> printk (KERN_INFO "%s could not verify "
When ops is NULL, this check is too late.
> @@ -162,6 +162,8 @@
> */
> int mod_reg_security (const char *name, struct security_operations *ops)
> {
> + security_fixup_ops (ops);
> +
> if (verify (ops)) {
> printk (KERN_INFO "%s could not verify "
> "security operations.\n", __FUNCTION__);
Same here.
Nevertheless, I like this patch.
Regards, Olaf.
next prev parent reply other threads:[~2002-12-01 16:52 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-01 8:30 [RFC] LSM fix for stupid "empty" functions Greg KH
2002-12-01 8:17 ` Crispin Cowan
2002-12-01 17:49 ` Greg KH
2002-12-01 16:59 ` Olaf Dietsche [this message]
2002-12-01 18:12 ` Greg KH
2002-12-01 17:21 ` Christoph Hellwig
2002-12-01 18:26 ` Greg KH
2002-12-03 2:37 ` Dragan Stancevic
2002-12-03 16:01 ` Greg KH
2002-12-03 15:14 ` Dragan Stancevic
2002-12-01 17:46 ` James Morris
2002-12-01 18:46 ` Olaf Dietsche
2002-12-01 20:05 ` Greg KH
2002-12-01 19:25 ` Greg KH
2002-12-02 2:00 ` James Morris
2002-12-02 6:57 ` Greg KH
2002-12-03 8:04 ` James Morris
2002-12-04 0:13 ` [RFC] LSM fix for stupid "empty" functions - take 2 Greg KH
2002-12-04 8:14 ` Chris Wright
2002-12-04 23:00 ` Greg KH
2002-12-04 23:44 ` Chris Wright
2002-12-05 0:09 ` James Morris
-- strict thread matches above, loose matches on Subject: below --
2002-12-01 18:57 [RFC] LSM fix for stupid "empty" functions Adam J. Richter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k7it3cbl.fsf@goat.bogus.local \
--to=olaf.dietsche#list.linux-kernel@t-online.de \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.