On Tue, 1 May 2001, Crispin Cowan wrote:

> Greg KH wrote:
>
> > On Tue, May 01, 2001 at 08:03:48PM -0400, jmjonesat_private wrote:
> > > Okay, I stand corrected, but a loadable module DOES provide a means of
> > > extending the kernel to provide other functionality without actually
> > > touching the Kernel proper. Not So?
> >
> > Yes, that is true. I guess it depends on where you see the "kernel
> > proper" ending. Remember Linux is a monolithic kernel, it's all "proper" :)
>
> What loadable kernel modules do is separate the kernel address space domain
> (what code can read/write directly to kernel memory) from the kernel source
> code domain (who can add code to the kernel, and whether they have to
> re-compile the whole kernel to do it):
>
>    * Without loadable modules: if you wanna run some code inside the kernel's
>      address space, you hafta patch the source and re-compile the kernel. A
>      big hassle for all, and beyond the capabilities of many.
>    * With loadable modules: someone can prepare a module that works with the
>      standard kernel, and give it to their friends/customers. With no special
>      knowledge and no re-compiling, that code runs inside the kernel address
>      space.
>
> However, Greg's point stands: building kernel modules is not for amateurs.
> Someone who wants to build an LSM module had better be comfortable with kernel
> hacking. The LSM is about making it easy to distribute & install such
> enhancements, not about making it user-friendly to write them.
>

Um, define "amateurs"? Was Linus a "professional" when he built the
kernel all those years ago? I suspect your definition will include most
of the linux world.

How about we change that to "inexperienced"? In that case, there are
a LOT of us out here who could legitimately "try their hand" at an LSM
on their own systems, with a little "enlightenment". A coherent, well
designed set of patches would make it easier for "those of us not blessed"
to add to the total linux picture.

> Naturally, we should make it as easy as possible to write LSM modules, but not
> at the expense of kernel mainline conventions. And there is no escaping the
> hard fact that you are writing kernel code when you write LSM module code.

True enough. Describe the "necessities" in plain language, you have
something very valuable here.

>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
>
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
>

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
||  Microcomputer Systems Consultant
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------

This archive was generated by hypermail 2b30 : Tue May 01 2001 - 18:16:03 PDT