--------- Received message begins Here ---------

>
> Seth Arnold wrote:
>
> > * Luc Pardon <lucpat_private> [010418 01:02]:
> > > An application developer may want to inform the user that (s)he
> > > doesn't have sufficient rights to do something, without actually
> > > attempting to do that "something" and set off all kinds of alarms.
> >
> > While I think I understand the reasoning involved, I know *I* would like
> > to keep Linux as source-compatible with other Unix-like and Unix
> > operating systems as possible. A mess of new syscalls (or one new
> > syscall with a generic interface and many library wrappers) would only
> > encourage non-standard code.
>
> I see all of this as being part & parcel of module design, not
> LSM interface design. If you wanna write a module that provides this
> functionality, go right ahead. It will not be standard, and thus most
> applications won't use that functionality. But the freedom to do so is
> exactly what LSM is about.
>
> > Furthermore, I don't know if requiring the module to support such query
> > interfaces is a good idea either -- the policy a module may desire to
> > implement may wish to restrict this sort of information. Requiring the
> > module to support query interfaces would leak this information, going
> > against the module's design policy.
>
> What LSM should be supporting is sufficient hooks to write such an
> interface. Even that is tentative: I want to see an actual module that
> needs this functionality before it goes into the LSM interface.

Not a module, but a daemon like a user space NFS/Samba/other
filesystem-like daemon that has access privileges, but needs to have a
requested access evaluated.

It's only a POSSIBLE interface, not a required one. Personally, I don't
think it would or should require a system call if there were a way to
have an IOCTL to pass the request through. Much better than having to
switch UIDs (or security contexts) to get an access evaluation done.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollardat_private

Any opinions expressed are solely my own.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 10:26:58 PDT