Re: permissive vs. restrictive issue and solutions...

From: jmjonesat_private
Date: Sat Jun 02 2001 - 16:23:41 PDT

  • Next message: jmjonesat_private: "Re: permissive vs. restrictive issue and solutions..."

    jmjones stops dead in his rebuttal-rebuttal because there's something
    "new" in his consideration introduced by:
    
    On Sat, 2 Jun 2001, Crispin Cowan wrote:
    
    > crispinat_private wrote:
    
    > So here's yet another idea:  split the LSM interface into two parts, permissive
    > and restrictive.  Designers that want purely restrictive functionality use only
    > the restrictive parts, and thus get easier/higher assurance. Those who want
    > permissive functionality can turn it on if they need it.
    
    How would this be implemented?   Two sets of hooks, one before the kernel 
    checks, one after?  Or two separate compile options for the hooks... one 
    "before the kernel checks and allowing only the kernel" and one "after the
    kernel checks passing the kernel advice...:
    
    LSM_OPTION_TWO
    LSM_OPTION_THREE
    
    
    > 
    > "Split" may be an over-statement.  Perhaps just a global switch that can disable
    > the permissive interfaces would suffice?  Then a module designer could turn off
    > permissiveness, and be assured that their module will "at least do no harm."
    > 
    
    With possibly "both defined?".  Or "OPTION THREE" by always with
    "circuit breaker" hooks before the kernel checks? Either has 
    possibilities, although that sort of reduces to option one, doesn't it?
    
    The argument for "do nothing functions versus checks" seems to apply, 
    with option #2 and a "dummy" module that supports all the current logic, 
    that can be loaded on top of the LSM interface and do the checks then 
    pass to the module seems to satisfy this suggestion.
    
    > Crispin
    > 
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    > Available for purchase: http://wirex.com//Products/Immunix/purchase.html
    > 
    
    
    More "Fleshing Out" Desired,
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 16:24:37 PDT