On Sat, 2 Jun 2001, Crispin Cowan wrote:

> So here's yet another idea: split the LSM interface into two parts, permissive
> and restrictive. Designers that want purely restrictive functionality use only
> the restrictive parts, and thus get easier/higher assurance. Those who want
> permissive functionality can turn it on if they need it.
>
> "Split" may be an over-statement. Perhaps just a global switch that can disable
> the permissive interfaces would suffice? Then a module designer could turn off
> permissiveness, and be assured that their module will "at least do no harm."
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
> Available for purchase: http://wirex.com//Products/Immunix/purchase.html

*LOL*, maybe I should "think some more before posting", but this is
(to me) a "hot topic"

If you create

    #define NO_KERNEL_SECURITY_CHECKS

and slice off all the native checks in

    #ifndef NO_KERNEL_SECURITY_CHECKS
    ... (kernel logic here, assigned to err) ....
    #else
    err=0;  // Or some special "didn't check" value.
    #endif
    if (err=lsm_check(err,arguments...))...

that answers most of my problems, and, I think, answers the "restrictive
only side", since it can still have "assurance."

The small "stack push" overhead is acceptable to me. Too bad C doesn't
overload functions. :)

I withdraw all my arguments against #3 in that instance. It's functionally
similar to my "shared code" argument, but leaves the ACTUAL ASCII in the
main kernel code.

Sincerely,
J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
||  Microcomputer Systems Consultant
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
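
Added example, not part of the original message and not code from the LSM project: a user-space C sketch of the pattern discussed above, where the kernel's own verdict is passed into lsm_check() and a global switch decides whether a module may turn a kernel denial into a grant. The hook signature, native_check(), check_access(), lsm_permissive_enabled and the two sample hooks are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical hook type: gets the kernel's verdict (0 or -errno), returns the module's. */
typedef int (*lsm_hook_t)(int kernel_err, int uid, int owner);

static lsm_hook_t lsm_hook;        /* registered module hook, NULL if none */
static int lsm_permissive_enabled; /* the global switch; 0 = restrictive only */

/* Stand-in for native kernel logic: only root or the owner may proceed. */
static int native_check(int uid, int owner)
{
#ifndef NO_KERNEL_SECURITY_CHECKS
    return (uid == 0 || uid == owner) ? 0 : -EACCES;
#else
    (void)uid; (void)owner;
    return 0; /* native checks compiled out: the module is the only gate */
#endif
}

/* With the switch off, a kernel denial can never become a grant ("at least do no harm"). */
int lsm_check(int err, int uid, int owner)
{
    int verdict;
    if (lsm_hook == NULL)
        return err;
    verdict = lsm_hook(err, uid, owner);
    if (err != 0 && verdict == 0 && !lsm_permissive_enabled)
        return err;
    return verdict;
}

int check_access(int uid, int owner)
{
    return lsm_check(native_check(uid, owner), uid, owner);
}

/* Constructed sample modules: one purely restrictive, one permissive. */
int hook_deny_uid_1000(int e, int uid, int o) { (void)o; return uid == 1000 ? -EPERM : e; }
int hook_grant_all(int e, int uid, int o) { (void)e; (void)uid; (void)o; return 0; }

int main(void)
{
    lsm_hook = hook_grant_all;
    printf("switch off: %d\n", check_access(7, 5)); /* kernel denial stands */
    lsm_permissive_enabled = 1;
    printf("switch on:  %d\n", check_access(7, 5)); /* module grant wins */
    return 0;
}
```

Building with -DNO_KERNEL_SECURITY_CHECKS makes native_check() always return 0, so the restrictive-only clamp has nothing left to protect and the module's verdict is the only access decision.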
This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 16:49:29 PDT