Re: Notes from the Real World

From: Crispin Cowan (crispinat_private)
Date: Tue May 01 2001 - 17:57:10 PDT

    Greg KH wrote:
    
    > On Tue, May 01, 2001 at 08:03:48PM -0400, jmjonesat_private wrote:
    > > Okay, I stand corrected, but a loadable module DOES provide a means of
    > > extending the kernel to provide other functionality without actually
    > > touching the Kernel proper.  Not So?
    >
    > Yes, that is true.  I guess it depends on where you see the "kernel
    > proper" ending.  Remember Linux is a monolithic kernel, it's all "proper" :)
    
    What loadable kernel modules do is separate the kernel address space domain
    (what code can read/write directly to kernel memory) from the kernel source
    code domain (who can add code to the kernel, and whether they have to
    re-compile the whole kernel to do it):
    
       * Without loadable modules:  if you wanna run some code inside the kernel's
         address space, you hafta patch the source and re-compile the kernel.  A
         big hassle for all, and beyond the capabilities of many.
       * With loadable modules:  someone can prepare a module that works with the
         standard kernel, and give it to their friends/customers.  With no special
         knowledge and no re-compiling, that code runs inside the kernel address
         space.
    
    However, Greg's point stands:  building kernel modules is not for amateurs.
    Someone who wants to build an LSM module had better be comfortable with kernel
    hacking.  The LSM is about making it easy to distribute & install such
    enhancements, not about making it user-friendly to write them.
    
    Naturally, we should make it as easy as possible to write LSM modules, but not
    at the expense of kernel mainline conventions.  And there is no escaping the
    hard fact that you are writing kernel code when you write LSM module code.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue May 01 2001 - 17:58:44 PDT