Re: [RFC][PATCH} 2.6 and grsecurity

From: Martin Waitz
Date: Tue Feb 17 2004 - 09:24:43 EST


hi :)

On Mon, Feb 16, 2004 at 08:34:17PM -0500, Valdis.Kletnieks@xxxxxx wrote:
> spin_lock_bh(&inet_peer_idlock);
> - id = p->ip_id_count;
> +#ifdef CONFIG_SECURITY_RANDID
> + if (security_enable_randid)
> + id = ip_randomid();
> + else
> +#endif
> + id = p->ip_id_count;
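
Review bot: the `else` placed just before `#endif` takes the following `id = p->ip_id_count;` as its body only when CONFIG_SECURITY_RANDID is set, so the control flow of this assignment depends on the preprocessor and is easy to break if a statement is later added between `#endif` and the assignment. A plain `if (security_enable_randid) ... else ...` with `security_enable_randid` defined as a constant 0 in a header when the option is off would keep one code path visible to the compiler in both configurations. Separately, `ip_randomid()` is called after `spin_lock_bh(&inet_peer_idlock)`, so the random ID is generated with the lock held and bottom halves disabled; if it does not touch the peer entry, it is worth checking whether it can be computed before the lock is taken.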

you could #define security_enable_* to 0 when CONFIG_SECURITY_*
is disabled. that way you don't need the ugly #ifdef in the .c file

on the other hand, why does one need a syscall anyway?
only to justify the existence of some ugly lockdown mode?

well, why make it even configurable?
either it increases security, then by all means: enable it
unconditionally;
or it doesn't increase security, and why do we need it then?


--
CU, / Friedrich-Alexander University Erlangen, Germany
Martin Waitz // Department of Computer Science 12 _________
______________/// - - - - - - - - - - - - - - - - - - - - ///
this is a manually generated mail, it contains //
typos and is valid even without capital letters. /
