Re: Benchmarks (was Re: Hooking into Linux using the LTT)

From: jmjonesat_private
Date: Sun Apr 22 2001 - 10:15:33 PDT

  • Next message: Sandy Harris: "Re: A Comment from User Space"

    On Sun, 22 Apr 2001, Greg KH wrote:
    
    > On Sat, Apr 21, 2001 at 01:10:22PM -0400, jmjonesat_private wrote:
    > > 
    > > Greg KH Wrote:
    > > 
    > > > Remember the LSM lives in kernel space along
    > > > with the rest of the kernel, so it can touch any part of kernel memory
    > > > that it wants to, even if we "hide" it.  Also any thing that implements
    > > > this would cause the way to call the hooks to slow down.
    > > 
    > > Quite repectfully, isn't that in the domain of the module, not the
    > > interface?  If the module adds value to the point the slow-down is 
    > > worthwhile, why not let it?
    > 
    > I the module causes things to slow down that's fine.  I don't want to
    > impose artificial burdens on the interface that everyone has to accept.
    > Attempting to hide the interface structure from the module would be such
    > a burden (both in complexity and speed) and not be useful at all (can
    > not work.)
    > 
    > thanks,
    > 
    > greg k-h
    > 
    
    I agree, but I think we should discuss "standard" levels of indirection.
    Build the basic structure in such a way that we could provide other
    interfaces that would impose greater overhead to support modules that are
    at a "higher (different?)" level of abstraction.
    
    Build a "low-level" interface that imposes minimal overhead, then stack
    a few "higher level" standard functions on top of that.  A loadable
    security module SHOULD be as easy to implement as we can manage (er, you
    can manage) to be as generally useful as possible.
    
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 13:38:20 PDT