Re: permissive vs. restrictive issue and solutions...

• Previous message: Crispin Cowan: "Re: permissive vs. restrictive issue and solutions..."
• In reply to: Crispin Cowan: "Re: permissive vs. restrictive issue and solutions..."
• Next in thread: jmjonesat_private: "Re: permissive vs. restrictive issue and solutions..."
• Next in thread: David Wagner: "Re: permissive vs. restrictive issue and solutions..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jmjones stops dead in his rebuttal-rebuttal because there's something
"new" in his consideration introduced by:

On Sat, 2 Jun 2001, Crispin Cowan wrote:

> crispinat_private wrote:

> So here's yet another idea:  split the LSM interface into two parts, permissive
> and restrictive.  Designers that want purely restrictive functionality use only
> the restrictive parts, and thus get easier/higher assurance. Those who want
> permissive functionality can turn it on if they need it.

How would this be implemented?   Two sets of hooks, one before the kernel 
checks, one after?  Or two separate compile options for the hooks... one 
"before the kernel checks and allowing only the kernel" and one "after the
kernel checks passing the kernel advice...:

LSM_OPTION_TWO
LSM_OPTION_THREE


> 
> "Split" may be an over-statement.  Perhaps just a global switch that can disable
> the permissive interfaces would suffice?  Then a module designer could turn off
> permissiveness, and be assured that their module will "at least do no harm."
> 

With possibly "both defined?".  Or "OPTION THREE" by always with
"circuit breaker" hooks before the kernel checks? Either has 
possibilities, although that sort of reduces to option one, doesn't it?

The argument for "do nothing functions versus checks" seems to apply, 
with option #2 and a "dummy" module that supports all the current logic, 
that can be loaded on top of the LSM interface and do the checks then 
pass to the module seems to satisfy this suggestion.

> Crispin
> 
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution:       http://immunix.org
> Available for purchase: http://wirex.com//Products/Immunix/purchase.html
> 


More "Fleshing Out" Desired,
J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private 
|>------------------------------------------------------
||  Microcomputer Systems Consultant  
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------



_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: permissive vs. restrictive issue and solutions..."
• Previous message: Crispin Cowan: "Re: permissive vs. restrictive issue and solutions..."
• In reply to: Crispin Cowan: "Re: permissive vs. restrictive issue and solutions..."
• Next in thread: jmjonesat_private: "Re: permissive vs. restrictive issue and solutions..."
• Next in thread: David Wagner: "Re: permissive vs. restrictive issue and solutions..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 16:24:37 PDT