hello, It is really an interesting talk here.. > > I know it is more fun to run off and implement a quick and dirty example but > > aren't we jumping the gun? I don't think Linux needs a quick and dirty > > security solution. I believe that if we want to actually respond to Linus's > > charge, we need to spend a short time looking at the various approaches and > > then agree on a practical, maximally inclusive approach. After all, if Linus > > simply wanted something not too bad that he could slap into the kernel now, > > he would have chosen one of the existing prototypes. I believe that he > > expects us to come up with a thoughtful design that offers a platform for > > strong security built upon the lessons learned from the existing approaches. Yes, I think that we can use all our efforts on designing a pratical implemenation here. The Security OS theory which has been research for a couple of years should be helpful for us..Such as the Reference Monitor and what Janus and DTE(Domain a Type Enforence).. I think the basic question to a security modules or security OS will be how to apply the __access control__ in the kernel. How does this access control module apply to the real world security problem. IMHO, ot only the original reference monitor use the concept of subject and object in the system, but also the DTE which is being researched And many current security project are also using the theory basis. > > -chris > For the implementation issue, IMHO, for the file operation security, we can use the "sys_open()" only to do the checkpoint but not the read()/write()... I hope I can help on this design or implementation..thanks. -Huagang. -- Happy Hacking LIDS secure linux kernel http://www.lids.org/ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 00:22:51 PDT