Re: Notes from the Real World

From: jmjonesat_private
Date: Tue May 01 2001 - 18:13:38 PDT


    On Tue, 1 May 2001, Crispin Cowan wrote:
    
    > Greg KH wrote:
    > 
    > > On Tue, May 01, 2001 at 08:03:48PM -0400, jmjonesat_private wrote:
    > > > Okay, I stand corrected, but a loadable module DOES provide a means of
    > > > extending the kernel to provide other functionality without actually
    > > > touching the Kernel proper.  Not So?
    > >
    > > Yes, that is true.  I guess it depends on where you see the "kernel
    > > proper" ending.  Remember Linux is a monolithic kernel, it's all "proper" :)
    > 
    > What loadable kernel modules do is separate the kernel address space domain
    > (what code can read/write directly to kernel memory) from the kernel source
    > code domain (who can add code to the kernel, and whether they have to
    > re-compile the whole kernel to do it):
    > 
    >    * Without loadable modules:  if you wanna run some code inside the kernel's
    >      address space, you hafta patch the source and re-compile the kernel.  A
    >      big hassle for all, and beyond the capabilities of many.
    >    * With loadable modules:  someone can prepare a module that works with the
    >      standard kernel, and give it to their friends/customers.  With no special
    >      knowledge and no re-compiling, that code runs inside the kernel address
    >      space.
    > 
    > However, Greg's point stands:  building kernel modules is not for amateurs.
    > Someone who wants to build an LSM module had better be comfortable with kernel
    > hacking.  The LSM is about making it easy to distribute & install such
    > enhancements, not about making it user-friendly to write them.
    > 
    
    Um, define "amateurs"?  Was Linus a "professional" when he built the
    kernel all those years ago?
    
    I suspect your definition will include most of the Linux world.
    How about we change that to "inexperienced"?  In that case, there are
    a LOT of us out here who could legitimately "try their hand" at an LSM on
    their own systems, with a little "enlightenment".  A coherent,
    well-designed set of patches would make it easier for "those of us not
    blessed" to add to the total Linux picture.
    
    > Naturally, we should make it as easy as possible to write LSM modules, but not
    > at the expense of kernel mainline conventions.  And there is no escaping the
    > hard fact that you are writing kernel code when you write LSM module code.
    
    True enough.  Describe the "necessities" in plain language, you have
    something very valuable here.
    
    
    > 
    > Crispin
    > 
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    > 
    > 
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    > http://mail.wirex.com/mailman/listinfo/linux-security-module
    > 
    
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue May 01 2001 - 18:16:03 PDT