intercepting system calls

From: Dan Harkless (linux-security-moduleat_private)
Date: Thu Apr 12 2001 - 20:18:02 PDT

  • Next message: beldridgat_private: "LKMs for security"

    Crispin Cowan <crispinat_private> writes:
    > "Anil B. Somayaji" wrote:
    > > Light system calls are good, indeed.  I sorry to say that my
    > > modifications have killed system call latency (but because system
    > > calls in Linux are so lightweight, nobody seems to notice).  However,
    > > I also know that security costs something, and if you want to minimize
    > > those costs, it is best to do actions at the right place, and at the
    > > right time.
    > 
    > I think what Linus is getting at is that the existence of the security
    > module interface should not inherently add any perceptible latency.  This
    > way, the base user doesn't suffer (much) overhead, and users can make a
    > choice about the performance penalty they are willing to pay for security.
    
    You could always make the security module hooks optional at kernel compile
    time.  People who don't care about security won't have any latency, and
    those who do care won't mind since they know what they're getting in return.
    
    --
    Dan Harkless
    SpeedGate Communications, Inc.
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:30 PDT