Re: Extending a Security Module

From: sarnoldat_private
Date: Tue May 22 2001 - 14:38:26 PDT

  • Next message: Chris Wright: "Re: Extending a Security Module"

    On Tue, May 22, 2001 at 05:15:22PM -0400, jmjonesat_private wrote:
    > Kernel calls it's registered function, module has a function there that
    > may or may not call the "subordinate" registered function, if it decides
    > that access is allowed.  Pass down the chain.
    
    This is one possible policy.
    
    Another possible policy would deny actions only if *all* modules return
    failure -- allowing the action happens if one or more of the
    modules assents. (Though it sounds far more open than the other style, I
    think it may be more in line with capabilities systems' approach -- if
    there is a handle to an action or object, it is possible to perform that
    action or modify that object. Both can be made to be very restrictive.)
    
    Either policy is legitmate, and both cannot be implemented in the kernel
    using the "pass down the chain" method; at least not very easily. Mixing
    the two policies is right out if implemented in the standard kernel.
    
    A multiplexor module could do both at once, depending upon the desired
    modules.
    
    I maintain that the kernel should not be in the business of merging
    security policies. Let the modules deal with it. [Recall that I
    originally thought much the same as your arguments: I was convinced,
    sooner or later, to let the issue lie. I don't recall at what point you
    joined the discussion -- but it might not hurt to read the archives on
    this matter, if you joined after I made a fuss about it. I'd like to
    think the same arguments that convinced me could also convince you. :]
    
    > DEFINITION:
    > 
    > Kernel Proper: The Core Kernel without modules.
    
    While this may make for easier conversations, I don't think it is quite
    true. Modules loaded into the kernel have all the abilities to step on
    toes that the rest of the kernel has. They share address spaces, etc.
    Perhaps a better term would be something similar to "linus-supplied
    kernel", "virgin kernel", "stock kernel", "standard kernel", etc.
    
    I only bring it up to make the point that once loaded, a module is
    really no different from the rest of the kernel. It is part of the
    kernel. I'm hoping we can continue to use the phrases "kernel" to mean
    that which Linus provides and "module" to mean any LSM-compliant module;
    yes, it is playing fast and loose with the words but I think we will
    know the difference in most cases. :)
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue May 22 2001 - 14:41:37 PDT