From: "David S. Miller" <davem@redhat.com>
To: jmorris@intercode.com.au
Cc: kuznet@ms2.inr.ac.ru, netdev@oss.sgi.com,
linux-security-module@wirex.com
Subject: Re: [PATCH] LSM networking: netlink hooks for 2.5.59 (6/8)
Date: Thu, 30 Jan 2003 15:19:47 -0800 (PST) [thread overview]
Message-ID: <20030130.151947.48545419.davem@redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.44.0301311006230.31382-100000@blackbird.intercode.com.au>
This one is not acceptable, you're adding a function call to
every netlink SKB receive even in the case where security
is disabled.
Capability testing is a very simple bit test, there is no
justification for calling these cap_netlink_{send,recv}() things
externally for such a simple operation when security is disabled.
It is things like this that make me still totally hate the networking
security changes. It is like a virus that is spreading throughout the
entire tree. It is a bunch of strange tests that have to be
maintained which do external calls to modules that are not even in the
source tree so I can't even see how the callbacks are used (no, the
fact that there is documentation of the callback doesn't change this
issue, and no I'm not going to some site to download a bunch of
security modules everytime I need to make changes in these areas).
Frankly, while I'm very happy about the fixup of the security
overhead, these changes are still way too invasive. This stuff
is garbage.
prev parent reply other threads:[~2003-01-30 23:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-30 22:42 [PATCH] LSM networking: introduction (0/8) James Morris
2003-01-30 22:46 ` [PATCH] LSM networking: kconfig (1/8) James Morris
2003-01-30 22:51 ` [PATCH] LSM networking: netdev hooks for 2.5.59 (2/8) James Morris
2003-01-30 22:56 ` [PATCH] LSM networking: skb hooks for 2.5.59 (3/8) James Morris
2003-01-30 23:01 ` [PATCH] LSM networking: socket hooks for 2.5.59 (4/8) James Morris
2003-01-30 23:06 ` [PATCH] LSM networking: ipv4 hooks for 2.5.59 (5/8) James Morris
2003-01-30 23:10 ` [PATCH] LSM networking: netlink hooks for 2.5.59 (6/8) James Morris
2003-01-30 23:17 ` [PATCH] LSM networking: af_unix hooks for 2.5.59 (7/8) James Morris
2003-01-30 23:22 ` [PATCH] LSM networking: tcp hooks for 2.5.59 (8/8) James Morris
2003-01-30 23:25 ` David S. Miller
2003-01-31 0:15 ` James Morris
2003-01-31 0:16 ` David S. Miller
2003-02-01 0:12 ` James Morris
2003-01-30 23:19 ` David S. Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030130.151947.48545419.davem@redhat.com \
--to=davem@redhat.com \
--cc=jmorris@intercode.com.au \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-security-module@wirex.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).