Re: A Comment from User Space

• Previous message: Greg KH: "Re: A Comment from User Space"
• Maybe in reply to: jmjonesat_private: "A Comment from User Space"
• Next in thread: Tim Hollebeek: "RE: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Seth Arnold <sarnoldat_private>:
> * Stephen Smalley <sdsat_private> [010424 05:59]:
> > It would probably be sufficient to only have a single system call
> > reserved for LSM, and multiplex requests through it.
> 
> It would probably be sufficient for individual modules. If we ask Linus
> to set aside five syscalls for security purposes we will likely have a
> better time with the transition to multiplexed security modules in
> place -- as long as there is a recommendation somewhere that individual
> modules should use no more than one syscall.
> 
> Would it be easy enough to build a new multiplexed syscall out of the
> two previously multiplexed syscalls?
> 
> Or would it be best to let the whole idea of multiplexed security
> modules lie until this single-module version is finished?
> 
> (I know I keep bringing it up, but there is method to my madness. If I
> recall, richard at sgi wants the current security checks hookable (i.e.,
> the standard unix-like permission checking), the first 'planned' module
> seems to be (by consensus) the posix capabilities, and we all have our
> favorite 'third-party' module we want to use. That is three modules
> right there. Sure, few applications use posix capabilities, and it is
> unlikely the standard unix-like permissions will only be available in
> module form (for the folks who want speed) -- but I easily see the need
> for two modules loaded at once. :)

I see a potential for 5:
   1. UNIX DAC permissions
   2. ACLs (might be part of item #1.)
   3. Linux capabilities
   4. MAC
   5. IPSec? (the security associations...)

With this in a "layers" form, most users wouldn't even need to see
the security functions. Of course the choice of evaluation order would
optimize the throughput. Perhaps 3,1,2,4,5 and EPERM on first failure.
Order dependant on registration order? Or based on a priority sort during
registration?

It would make it easy to study various MAC models or the various ACL models.

I'm willing to wait until at least one module is working.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollardat_private

Any opinions expressed are solely my own.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Jesse Pollard: "Re: linux-security-module digest, Vol 1 #45 - 9 msgs"
• Previous message: Greg KH: "Re: A Comment from User Space"
• Maybe in reply to: jmjonesat_private: "A Comment from User Space"
• Next in thread: Tim Hollebeek: "RE: A Comment from User Space"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 14:22:04 PDT