[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-module
Subject:    Re: [PATCH] Add in_execve flag into task_struct.
From:       James Morris <jmorris () namei ! org>
Date:       2009-02-12 4:08:50
Message-ID: alpine.LRH.1.10.0902121504130.18145 () tundra ! namei ! org
[Download RAW message or body]

On Thu, 5 Feb 2009, David Howells wrote:

> Serge E. Hallyn <serue@us.ibm.com> wrote:
> 
> > It's ugly, you can't get me to say it isn't ugly :), and it sets a scary
> > bad precedent.  But if David insists (in a reply to this msg) that this
> > flag really is tops, then just ignore me.  Anyway my point wasn't to
> > block the patch but to raise discussion (so someone else could decide to
> > block it :) on both the flag and security implications of these
> > semantics.
> 
> I think it's probably the best way to support Tomoyo's security model without
> reworking a chunk of execve().

Agreed.  It's somewhat less than perfect, but I don't see a better 
alternative.


- James
-- 
James Morris
<jmorris@namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]