Re: Re: [AppArmor 00/41] AppArmor security module overview
From: Jeff Schroeder
Date: Sun Apr 29 2007 - 15:09:29 EST
From: David Wagner <daw <at> cs.berkeley.edu>
David Wagner wrote:
I still think that ptrace() is not the best way to implement this kind
of security tool, and I think it's entirely understandable that they did
not use ptrace. I do not think it is a fair criticism of AppArmor to say
"AppArmor should have used ptrace()".
Take a look at utrace in -mm, it offers a completely backwards compatible
ptrace() syscall implemented as a module ontop of it. utrace looks like the
way things will be going forward
Think of ptrace() implemented using utrace as ptrace that "Sucks Less TM".
Maybe Andy will let utrace out of -mm for 2.6.23.
(please cc: me in any responses)
Don't drink and derive, alcohol and analysis don't mix.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/