Re: A Comment from User Space

From: jmjonesat_private
Date: Sun Apr 22 2001 - 13:29:20 PDT

    On Sun, 22 Apr 2001, Sandy Harris wrote:
    
    > Crispin Cowan wrote:
    > > 
    > > jmjonesat_private wrote:
    > > 
    > > > Who's working on the Code to English (documentation) translation here?
    > > > I think (conceit), I could perhaps volunteer to help.
    > > 
    > > Thanks!  That's certainly something that will need doing.  At the moment,
    > > the code base is rather fluid, so the code is the documentation.  When it
    > > firms up, we'll need a document that explains how to create a security
    > > module, and documents the API for each of the hooks.
    > 
    > Arguably, we want a reasonably clear spec before people start coding. This
    > is particularly true for security code, since we want people to analyse it
    > looking for holes. Ideally, you want to go beyond just a specification, all
    > the way to a formal model with provable security properties.
    
    Agreed.
    
    > 
    > Of course, it's no use specifying something that cannot be coded or that is
    > going to be hopelessly inefficient. So we are probably looking at some form
    > of iterative process.
    
    Agreed, if an "iterative process" means we USERS will get feedback that
    will result in modification of the interface.
    
    > 
    > Can we specify what we want to hook to in terms of data structures? We
    > have structs for a process, file, socket. Is it enough to say a security
    > module gets to:
    > 
    > 	add fields to those structs,
    > 	add things to the i-node to initialise file structs
    > 	intercept a list of procedure calls, some of whose args are
    > 	  pointers to those structs
    > 
    > Or are there other structures (RPC?, shared memory?, IPSEC tunnels?, ...)
    > that they should be able to manipulate?
    
    Good Question... CODERS?
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
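
The model in Sandy Harris's question (a module adds a field to a core struct and intercepts calls that take pointers to it), sketched as an added example; it is not code from this thread or from the LSM project, and every name in it is hypothetical. It also shows one case a written spec would have to settle: objects created before the module registered carry no label, and this module fails closed on them.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model: none of these names are a real kernel or LSM API. */
struct file_obj { const char *path; void *security; /* field owned by the module */ };
struct security_ops {
    int  (*file_alloc)(struct file_obj *f);                /* attach the module's data */
    int  (*file_permission)(struct file_obj *f, int mask); /* 0 = allow, nonzero = deny */
    void (*file_free)(struct file_obj *f);                 /* release the module's data */
};
enum { MAY_READ = 1, MAY_WRITE = 2 };
static const struct security_ops *active_ops;              /* NULL: no module loaded */

int register_security(const struct security_ops *ops) {
    if (active_ops) return -1;          /* this model allows one module at a time */
    active_ops = ops;
    return 0;
}
void unregister_security(void) { active_ops = NULL; }

/* Core side: each intercepted call passes the struct pointer to the hook first. */
int file_open(struct file_obj *f, const char *path) {
    f->path = path;
    f->security = NULL;
    return (active_ops && active_ops->file_alloc) ? active_ops->file_alloc(f) : 0;
}
int file_write(struct file_obj *f) {
    if (active_ops && active_ops->file_permission &&
        active_ops->file_permission(f, MAY_WRITE) != 0) return -1;
    return 0;                           /* the write itself is omitted */
}
void file_close(struct file_obj *f) {
    if (active_ops && active_ops->file_free) active_ops->file_free(f);
    f->security = NULL;
}

/* Module side: a constructed policy that labels files under /etc/ read-only. */
struct label { int read_only; };
static int ro_alloc(struct file_obj *f) {
    struct label *l = malloc(sizeof *l);
    if (!l) return -1;
    l->read_only = strncmp(f->path, "/etc/", 5) == 0;
    f->security = l;
    return 0;
}
static int ro_perm(struct file_obj *f, int mask) {
    const struct label *l = f->security;
    if (!l) return -1;                  /* unlabelled object: fail closed */
    return (l->read_only && (mask & MAY_WRITE)) ? -1 : 0;
}
static void ro_free(struct file_obj *f) { free(f->security); }
const struct security_ops ro_ops = { ro_alloc, ro_perm, ro_free };
```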
    
    
    
    