Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756562AbXJ1Uqm (ORCPT ); Sun, 28 Oct 2007 16:46:42 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752192AbXJ1Uqb (ORCPT ); Sun, 28 Oct 2007 16:46:31 -0400 Received: from sovereign.computergmbh.de ([85.214.69.204]:37081 "EHLO sovereign.computergmbh.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752021AbXJ1Uqa (ORCPT ); Sun, 28 Oct 2007 16:46:30 -0400 Date: Sun, 28 Oct 2007 21:46:29 +0100 (CET) From: Jan Engelhardt To: Tilman Schmidt cc: Pavel Machek , Casey Schaufler , Chris Wright , Adrian Bunk , Simon Arlott , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Linus Torvalds , Andreas Gruenbacher , Thomas Fricaccia , Jeremy Fitzhardinge , James Morris , Crispin Cowan , Giacomo Catenazzi , Alan Cox Subject: Re: Linux Security *Module* Framework In-Reply-To: <4724E63F.2030600@imap.cc> Message-ID: References: <20071025002356.GB3660@sequoia.sous-sol.org> <183239.5113.qm@web36604.mail.mud.yahoo.com> <20071027182229.GC4159@ucw.cz> <4724E63F.2030600@imap.cc> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1598 Lines: 57 On Oct 28 2007 20:42, Tilman Schmidt wrote: >Am 27.10.2007 20:22 schrieb Pavel Machek: >> Hi! >> >>> but require unreasonable interface changes. As people who care >>> about security (y'all who are only from the LKML are excused) it >>> is our obligation to look beyond the preconceived notions of what >>> is and isn't secure. Security is subjective. It's how you feel >>> about it. >> >> Hmm. So lets add automagic security module. It magically fixes >> security holes, and you can feel good about it. > >Send patch. Perfect security from threats that normally deliver via internet! (And it is even one of these that benefit from being modular!) #include #include #include #include static void cl(const char *name, const char *state) { const char *args[] = {"ip", "link", "set", name, state, NULL}; call_usermodehelper("/sbin/ip", (char **)args, NULL, UMH_NO_WAIT); } int __init automagic_security_init(void) { const struct net_device *dev; for_each_netdev(&init_net, dev) cl(dev->name, "down"); return 0; } void __exit automagic_security_exit(void) { const struct net_device *dev; for_each_netdev(&init_net, dev) cl(dev->name, "up"); return; } module_init(automagic_security_init); module_exit(automagic_security_exit); - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/