Re: New LSM patch for consideration

From: Greg KH (gregat_private)
Date: Tue Jun 12 2001 - 09:45:41 PDT

    On Tue, Jun 12, 2001 at 12:10:39PM -0400, Stephen Smalley wrote:
    > 
    > I've developed and attached a new LSM patch against the original 2.4.5 
    > sources that diverges in several ways, detailed below, from the current 
    > LSM patch.  I'm attaching this patch for consideration by the LSM 
    > "community" as a new starting point for discussions.  I started over with
    > the original 2.4.5 sources and selectively merged portions of the old LSM
    > patch, since it seems that a number of the changes in the old LSM patch
    > (e.g. removing the capability bits from the linux_binprm structure,
    > replacing calls to capable with permissive hook calls, replacing all calls
    > to compute_creds, some extraneous changes inherited from Immunix) may not
    > be desirable.
    
    Thanks for the patch.  As a comparison, I've included the diff between
    your patch, and the current (for me) lsm patch (which includes the
    current lsm.immunix.org bitkeeper tree + my ia64 patch).  It makes it
    easier to compare by looking at this diff.
    
    I haven't had much time to compare but here are a few comments:
    
    > 2) Parameters were added to a number of the hooks, including ioperm, iopl,
    > setuid, setgid, setrlimit, sethostname, setdomainname, reboot, and acct
    > so that they are more generally useful.  In a few cases, like
    > sethostname and setdomainname, this required changing the kernel
    > code to copy the parameter from user space to an intermediate location
    > first for the hook and then copying from the intermediate location to
    > the final destination after authorization by the hook.  In other
    > cases, like acct, it required relocating the hook to after useful
    > information like the file was available.
    
    I like these.
    
    > 3) Recent changes made here by Chris Vance are integrated,
    > including the patch he submitted recently to the mailing list
    > and recent changes to support append vs. write distinctions.
    
    I think Chris Wright is just now applying those patches.
    
    > 4) Capabilities in the base kernel were left unmodified, since I
    > wasn't clear what direction we are heading in for capabilities.
    > If we do decide to retain a capabilities module, I would still
    > favor leaving the existing capable() calls unchanged and being
    > very conservative in only moving the real capabilities logic
    > out of the base kernel, leaving the basic DAC/superuser/set[ug]id
    > logic intact so that the base kernel remains useable.  I
    > left the base kernel compute_creds function intact (and
    > all calls to it) and merely added a call to our hook at
    > the end of the function.
    
    One of the explicit requirements to get LSM into the kernel was to have
    the ability to make capabilities be a module.  This allows the embedded
    people to completely remove capabilities, as they really want this.  I
    don't think we can ignore this, no matter how much of a pain in the butt
    it is :)
    
    > 5) A few changes in the old LSM patch that seemed to be
    > inherited from Immunix or irrelevant to LSM were omitted.  
    > I did leave the changes to the Makefiles for people with
    > StackGuard compilers for the convenience of WireX folks, but I 
    > don't really expect that change to be in the final version
    > for inclusion in the mainstream kernel.
    
    The new Kbuild system that will be in 2.5 has support for the StackGuard
    compiler.  In the meantime it doesn't hurt anything to have this patch
    in the lsm tree for those developers who use this compiler.  And you are
    correct, the lsm patch, whenever it will be submitted, will not have
    this patch in it.
    
    What other changes (besides the elf header change) did you see that were
    left over from Immunix changes, or were irrelevant?  I thought I got all
    of those out :)
    
    thanks,
    
    greg k-h
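
The ordering described in item 2 of the quoted message (copy the parameter to an intermediate location, let the hook authorize that copy, then commit from the copy), modelled in user space as an added example; it is not part of either poster's mail and not code from the LSM patch. All names here (model_sethostname, hook_sethostname, fetch_from_user, the 64-byte limit and the sample policy) are assumptions made for the sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define HOSTNAME_MAX 64                 /* assumed limit for this sketch */

static char system_hostname[HOSTNAME_MAX + 1] = "initial";

/* Hypothetical policy hook: it sees the exact bytes that will be committed.
 * Constructed policy: refuse any name containing '/'. */
static int hook_sethostname(const char *name, size_t len)
{
    return memchr(name, '/', len) ? -EPERM : 0;
}

/* Stand-in for copy_from_user(); a plain memcpy in this user-space model. */
static int fetch_from_user(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    return 0;
}

/* Models another thread changing the caller's buffer after the check. */
typedef void (*race_fn)(char *user_buf, size_t len);

void rewrite_to_denied(char *user_buf, size_t len)
{
    memset(user_buf, '/', len);
}

int model_sethostname(char *user_buf, size_t len, race_fn race)
{
    char tmp[HOSTNAME_MAX];             /* the intermediate location */
    int rc;

    if (len > HOSTNAME_MAX)
        return -EINVAL;
    if (fetch_from_user(tmp, user_buf, len))
        return -EFAULT;                 /* single fetch of caller memory */
    rc = hook_sethostname(tmp, len);    /* authorize the snapshot */
    if (rc)
        return rc;
    if (race)
        race(user_buf, len);            /* caller memory changes post-check */
    memcpy(system_hostname, tmp, len);  /* commit from snapshot, not user_buf */
    system_hostname[len] = '\0';
    return 0;
}

const char *current_hostname(void) { return system_hostname; }
```

Because the commit reads from the intermediate copy, the value stored is always the value the hook saw, even when the caller's buffer is rewritten between the check and the commit.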
    
    
    




    This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 09:55:59 PDT