Re: Benchmarks (was Re: Hooking into Linux using the LTT)

• Previous message: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• In reply to: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Next in thread: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Next in thread: jmjonesat_private: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Reply: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 22 Apr 2001, Greg KH wrote:

> On Sat, Apr 21, 2001 at 01:10:22PM -0400, jmjonesat_private wrote:
> > 
> > Greg KH Wrote:
> > 
> > > Remember the LSM lives in kernel space along
> > > with the rest of the kernel, so it can touch any part of kernel memory
> > > that it wants to, even if we "hide" it.  Also any thing that implements
> > > this would cause the way to call the hooks to slow down.
> > 
> > Quite repectfully, isn't that in the domain of the module, not the
> > interface?  If the module adds value to the point the slow-down is 
> > worthwhile, why not let it?
> 
> I the module causes things to slow down that's fine.  I don't want to
> impose artificial burdens on the interface that everyone has to accept.
> Attempting to hide the interface structure from the module would be such
> a burden (both in complexity and speed) and not be useful at all (can
> not work.)
> 
> thanks,
> 
> greg k-h
> 

I agree, but I think we should discuss "standard" levels of indirection.
Build the basic structure in such a way that we could provide other
interfaces that would impose greater overhead to support modules that are
at a "higher (different?)" level of abstraction.

Build a "low-level" interface that imposes minimal overhead, then stack
a few "higher level" standard functions on top of that.  A loadable
security module SHOULD be as easy to implement as we can manage (er, you
can manage) to be as generally useful as possible.

J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private 
|>------------------------------------------------------
||  Microcomputer Systems Consultant  
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------




_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Sandy Harris: "Re: A Comment from User Space"
• Previous message: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• In reply to: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Next in thread: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Next in thread: jmjonesat_private: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Reply: Greg KH: "Re: Benchmarks (was Re: Hooking into Linux using the LTT)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 13:38:20 PDT