Re: secmodel_{,de}register()

To: Antti Kantee <pooka%cs.hut.fi@localhost>, tech-kern%netbsd.org@localhost, tech-security%netbsd.org@localhost
Subject: Re: secmodel_{,de}register()
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Mon, 20 Apr 2009 11:30:22 +0300

On Mon, Apr 20, 2009 at 5:20 AM, Antti Kantee <pooka%cs.hut.fi@localhost> wrote:

> What are you trying to protect against?  bugs?  Sounds like quite a
> radical bug.

Ideally, trying to protect against malicious kernel code degrading the
security of the system, but I guess we're not there yet (google for
KERNSEAL).

> Why not just register an unremovable allow-all secmodel and get rid
> of special case nsecmodels==0 completely (or is it necessary for
> bootstrapping)?

Because it doesn't solve the problem I really care about.

Anyway, I was just putting it out there, but the more I think of it the
more I realize it's not something we should care about at this point.

Sorry for the noise,
-e.

References:
- secmodel_{,de}register()
  - From: Elad Efrat
- Re: secmodel_{,de}register()
  - From: Antti Kantee

Prev by Date: Re: secmodel_{,de}register()
Next by Date: new security framework Anoubis
Previous by Thread: Re: secmodel_{,de}register()
Next by Thread: new security framework Anoubis
Indexes:

Home | Main Index | Thread Index | Old Index