Re: Low-cost hooks, multiple modules, per-task data

• Previous message: Kurt P. Hundeck: "Re: linux-security-module digest, Vol 1 #26 - 11 msgs"
• In reply to: David Wheeler: "Low-cost hooks, multiple modules, per-task data"
• Next in thread: Casey Schaufler: "Re: Low-cost hooks, multiple modules, per-task data"
• Reply: Casey Schaufler: "Re: Low-cost hooks, multiple modules, per-task data"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Wheeler wrote:
>   The LTT micro-benchmarks don't look so great to me.  They look like a
>   lot of overhead, frankly, which may make any hooks hard to accept.

Please see my previous posting regarding how these issues can be addressed
(and will certainly be, for LTT at least).

>   The "hook" call (whatever it looks like) could be implemented in a way
>   that does things efficiently, as long as it appears simple
>   to the caller.  It could support an #ifdef to completely disable it
>   (mollifying those who "don't want it at all").

The current LTT hooks can be #ifdef as you suggest.

>   This isn't self-modifying code in the "nasty" sense -- it's merely
>   an optimization.

I agree with your line of thought. Take a look at the other self-modifying
code suggestion I made (using unconditionnal branches) and let me know
what you think.

>   Since self-patching is CPU-architecture-specific, there might a
>   "generic" implementation (to aid those porting Linux to a new CPU type
>   or one less used) and a "highly optimized" implementation for hooks.

Hmm... Interesting.

> * More needs to be done about auditing.
> 
>   But I agree that would be outside of this group.
>   Currently, it's not easy to do things like
>   "don't allow this operation if I can't audit it"  -- printk just
>   doesn't cut it.  It'd be nice to have something better than printk.

Sorry for suggesting this again, but LTT does this already is some part. 
That is, since you can see exactly all the operations taking place,
you can see what's normal and what's not. The state machine engine
I spoke of complements this since you can react to a already happening
sequence of events. Even though, as previous discussions have shown,
the hooks' positionning won't enable you to take part of the kernel's
decisions, you'll still be able to react to the decisions being taken.
(As I said before, Alan suggested that LTT could be used to bring C2
security to Linux ... anyone interested in making this a reality?)

Cheers,

Karim

===================================================
                 Karim Yaghmour
               karymat_private
      Embedded and Real-Time Linux Expert
===================================================

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Casey Schaufler: "Re: Low-cost hooks, multiple modules, per-task data"
• Previous message: Kurt P. Hundeck: "Re: linux-security-module digest, Vol 1 #26 - 11 msgs"
• In reply to: David Wheeler: "Low-cost hooks, multiple modules, per-task data"
• Next in thread: Casey Schaufler: "Re: Low-cost hooks, multiple modules, per-task data"
• Reply: Casey Schaufler: "Re: Low-cost hooks, multiple modules, per-task data"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 17:11:05 PDT