Re: More Input From User Space

From: Greg KH (gregat_private)
Date: Thu Apr 19 2001 - 10:18:43 PDT


    On Thu, Apr 19, 2001 at 11:55:53AM -0400, jmjonesat_private wrote:
    > 
    > Is there a list of calls on this list or elsewhere that defines all these
    > places?
    > 
    > It SEEMS to me, you're rushing to code.
    
    We're "rushing to code" because that is the only place all of this is
    documented.  And it provides the best base for everyone to discuss with
    concrete examples, rather than abstract ideas of how things might
    possibly work (like the whole self modifying thread :)
    
    > HOW the hook is implemented, seems to me, to be one of those questions
    > that you can't answer "globally".  Some platforms/processors will do 
    > better with a table lookup, some will do better with a NOP patch.  Any 
    > suitably "generalized" set of hooks will abstract this issue so that it
    > will work across platforms.  Perhaps THIS TOO should be moved to the 
    > module, so that module builders can define it with #ifdef's when the 
    > module is compiled?   Could ALL access to the kernel be intercepted at 
    > the lowest possible level and redirected to the module?  More work for 
    > module programmers, but, hey, they're installing something that
    > significantly changes the underlying system.
    
    All accesses?  I think that's part of what we are trying to do plus a
    lot more.
    
    > Perhaps the thinking is the wrong way around.  Maybe the KERNEL should give 
    > the MODULE patch points when the module is initialized and makes one 
    > specific call (e.g. security_inform_me()) returning a table of pointers
    > to places where you need to poke addresses to a list of hooks.
    
    What's wrong with the currently proposed method?  It is specifically what
    Linus said he would like to see.
    
    > Sorry to be a bother, but I'm *very* interested in this discussion and 
    > would hope that "less kernel-sophisticated programmers" like me can be 
    > included. 
    
    No bother at all.
    
    thanks,
    
    greg k-h
    
    -- 
    greg@(kroah|wirex).com
    http://immunix.org/~greg
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
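The "table lookup" style of hook that jmjones contrasts with NOP patching, shown as an added illustration that is not code from this thread or from the LSM patches: the kernel owns one table of function pointers with safe defaults, a module swaps its own entries in at load time, and each hook point is a single indirect call through the table. All names (`demo_ops`, `demo_register`, the `/etc/` policy) are hypothetical.

```c
/* Added illustration, not from the thread or the LSM patches.
 * Table-lookup hooks: the kernel calls through a struct of function
 * pointers; a module replaces entries at registration.  Names are
 * hypothetical. */
#include <stddef.h>
#include <string.h>

struct demo_ops {
    int (*file_open)(const char *path, int write);
};

/* Default behaviour with no module loaded: allow everything. */
static int default_file_open(const char *path, int write)
{
    (void)path; (void)write;
    return 0;
}

static struct demo_ops default_ops = { .file_open = default_file_open };
static struct demo_ops *demo_ops = &default_ops;

/* Kernel-side hook point: one indirect call through the table. */
int demo_hook_file_open(const char *path, int write)
{
    return demo_ops->file_open(path, write);
}

/* A module installs its table; NULL entries fall back to the default
 * so an incomplete table never leaves a hook pointing at nothing. */
int demo_register(struct demo_ops *ops)
{
    if (demo_ops != &default_ops)
        return -1;                      /* one module at a time */
    if (ops->file_open == NULL)
        ops->file_open = default_file_open;
    demo_ops = ops;
    return 0;
}

void demo_unregister(void)
{
    demo_ops = &default_ops;
}

/* Example module policy (constructed): refuse opening /etc/* for writing. */
static int module_file_open(const char *path, int write)
{
    if (write && strncmp(path, "/etc/", 5) == 0)
        return -13;                     /* -EACCES */
    return 0;
}

struct demo_ops demo_module_ops = { .file_open = module_file_open };
```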
    



    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 10:21:12 PDT