Re: Benchmarks (was Re: Hooking into Linux using the LTT)

From: Crispin Cowan (crispinat_private)
Date: Sun Apr 22 2001 - 13:56:12 PDT

  • Next message: Kurt P. Hundeck: "Re: linux-security-module digest, Vol 1 #38 - 10 msgs"

    jmjonesat_private wrote:
    
    > On Sun, 22 Apr 2001, Greg KH wrote:
    > > Hm, that sounds nice and vague.  I too believe in Mom and apple pie :)
    > Mom, apple pie, baseball, and USABILITY from a human aspect are
    > important.  If only a handful of geeks (no insult intended, i proudly
    > declare MYSELF a "geek" (albeit a lesser one)) can implement a module,
    > that's a pretty poor interface.
    
    Because this stuff is hooking deep into the kernel core, the importance of
    performance is relatively great, and the importance of usability is relatively
    lessened.  It still has to be readable & maintainable, but doesn't need to be
    puppy-dog user-friendly.
    
    This too is vague and reaoning by analogy, and any minute now Greg is going to
    make fun of me for it :-) but you get the idea.
    
    
    > While I *understand* that "the code is the thing" right now, comments on
    > if it works are meaningless unless we discuss "what it SHOULD
    > do."  Sorry, but you can build a PERFECT square, and it will still never
    > fit a round hole.
    > ...
    > Good.  You're a good coder.  You evaluate your own output for flaws.
    > That's a sign of high intelligence and good moral character.  Am I
    > the ONLY one still interested in discussing WHY code SHOULD do, instead
    > of HOW?
    
    But we do know what it should do:  support current modules.  When we post
    candidate LSM interfaces, the important question is whether any of the candidate
    modules (RSBAC, SELinux, Janus, whatever-SGI-calls-their-thing, etc.) are
    getting everything they need.  If not, then the interface should be expanded
    accordingly.
    
    Regarding removing features:  All of the interface features that are currently
    there are motivated by some modules needs, most likely Capabilities.  Arguing to
    remove a feature is not likely to get traction, unless the argument includes a
    discussion of how the same work can be accomplished by other means.
    
    More abstract discussion such as "What about a security policy that lets you do
    this ..." are more properly in the realm of LSM module design.  RSBAC, SELinux,
    and SubDomain all have associated mailing lists and published design documents.
    New features that you think should be included should go there.  If none of them
    are close, then roll your own.
    
    And of course, LSM is supposed to make rolling your own easier.  So, supposing
    that you plan to roll your own, are there interface hooks that you want added?
    
    
    > P.S. -- This is NOT intended as a flame.  I think greg k-h has
    > done WONDERFUL work, but I still think there're things to be considered
    > if Greg's work is to get the final "stamp of approval."  Sorry, Greg.
    
    I don't believe that Greg would deny that, but it's more useful to point out
    what those things are.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 13:57:58 PDT