Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
From: Chris Wright
Date: Wed Apr 19 2006 - 15:33:41 EST
* Greg KH (greg@xxxxxxxxx) wrote:
> On Wed, Apr 19, 2006 at 12:33:24PM -0400, James Morris wrote:
> > The LSM interface is also being abused by several proprietary kernel
> > modules, some of which are not even security related. In one case,
> > there's code which dangerously revectors SELinux with a shim layer
> > designed to try and bypass the GPL. Some of this is a response to
> > unexporting the syscall table, where projects which abused that have now
> > switched to LSM.
>
> I agree that this is happening today. Which makes me wonder, why is the
> variable "security_ops" exported through "EXPORT_SYMBOL()" and not
> "EXPORT_SYMBOL_GPL()"? It seems that people are taking advantage of
> this and changing it would help slow them down a bit.
>
> Chris, would you take a patch to change this?
I don't see any reason not to.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/