Chris Wright wrote: > > I am intrigued by the possiblity of reusing anything that LTT has done. > I looked at your patch, and found mixed results. In some places the > hooks are expactly where I'd expect them. In other spots, (like open, > or socket) the hooks are too late. They are effectively recording that > these events just happened...this is the wrong spot for a security > module hook, IMHO. Also, the hooks appear often right in the function > implementing a syscall. I think compeilling arguments can be made for > moving the hooks deeper into the code path (e.g. deeper into the VFS > layer). Generically the argument would be...the code path will discover > things that we need to know to make a security decision. If the hook is > too soon, we have to reimplement this in the module...making it slow. > While it is tempting to place the hooks as soon as possible, I think it > may make more sense to place them as late as possbile when the kernel > will have collected the most information about the action underway. > It seems to me this will make the module interface richest. > Examples: > - On open we may care about the absolute path which isn't known at > first. It is the namei code that tries to sort out the ../.. stuff and > get a dentry. > - On a tcp/ip socket send...it is late (in the ip layer) that you actually > get the outgoing device which seems like useful security info. Interesting analysis. I agree with your appreciation of the positionning of the hooks. Some retrieve interesting information regarding the occurrence of an event, but are too far from the critical decision making to be useable for a security module hook. This is an argument for what I suggested previously, a broad range of pre-defined hooks that could be selected at compile-time. I suspect that there could be different degrees of hooking. Hence, a basic security module may need a very little number of hooks, whereas an extended security module may necessitate deeper hooks. This too could be made configurable. > I do like how you've abstracted the interface. (especially since it has > a similar object view to my view ;-). I'm still trying to figure out > how we can borrow some of your work, I think it is good stuff. Glad you're interested. Let me know if I can be of any help. P.S.: Note that it is currently possible to dynamically create events with LTT. This has interesting uses in module debugging, but could also be quite effectively used for hook-placement testing. Cheers, Karim =================================================== Karim Yaghmour karymat_private Embedded and Real-Time Linux Expert =================================================== _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 23:06:08 PDT