Re: New LSM patch for consideration

• Previous message: Stephen Smalley: "Re: New LSM patch for consideration"
• Maybe in reply to: Stephen Smalley: "New LSM patch for consideration"
• Next in thread: Stephen Smalley: "Re: New LSM patch for consideration"
• Reply: Stephen Smalley: "Re: New LSM patch for consideration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephen Smalley <sdsat_private>:
> 2) The new LSM patch doesn't address moving capabilities into
> a module.  However, I don't see that as a real obstacle - my plan is to
> address capabilities in the new LSM patch, but I first wanted to
> come to a consensus on the following questions:  a) Do we need
> to move the capability bits out of the task_struct and
> linux_binprm structures?  Both?  Either?  Neither?  b) Can
> we limit our changes to the core capability logic, i.e.
> the logic within capable, the logic within the capability system 
> calls, and the capability-specific computations in compute_creds, 
> ptrace, and set*id?  Can we leave all existing capable calls
> unchanged?  I also wanted to ensure that when we move the capbilities
> into a module, we keep a working base kernel with useful security
> behavior.

To answer (reformatted - and all answers are opinion only):

a) Do we need to move the capability bits out of the task_struct and
   linux_binprm structures? Both?  Either?

IMHO, yes, and both of them. I think it would simplify access to these
bits and provide a more centralized repository for the security information.
It might not be easy to move them because of the current implmentation, but
I think they will be moved at some time in the future anyway.

b) Can we limit our changes to the core capability logic, i.e.
   the logic within capable, the logic within the capability system 
   calls, and the capability-specific computations in compute_creds, 
   ptrace, and set*id?

Ptrace may be the most complex to avoid changing... followed by exec and
fork. It may not be possible to do so.

   Can we leave all existing capable calls unchanged?

If the capability bits are moved, I would expect SOME alteration of the
capability calls MAY be necessary. I've not looked at all of them, but
since the code is rather distributed I would expect some "unusual" coding
to have crept into the logic of the calls (similar to the DAC/capability
intertwining).

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollardat_private

Any opinions expressed are solely my own.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Casey Schaufler: "Anyone planning big changes soon?"
• Previous message: Stephen Smalley: "Re: New LSM patch for consideration"
• Maybe in reply to: Stephen Smalley: "New LSM patch for consideration"
• Next in thread: Stephen Smalley: "Re: New LSM patch for consideration"
• Reply: Stephen Smalley: "Re: New LSM patch for consideration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 07:28:33 PDT