On Tue, 19 Jun 2001, Stephen Smalley wrote:

> To be precise, the idea is that all of the LSM hooks other than
> capable() will be purely restrictive. As soon as we arrive
> at a consensus on the right approach to moving capabilities
> out of the base kernel into a module, the base capable()
> function will once again be reduced to merely calling the
> LSM capable() hook, so a security module will be able to
> grant traditionally superuser privileges to non-superuser processes.
> The capabilities security module will be a module that provides this
> kind of functionality.
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalleyat_private

While I see the necessity of purely-restrictive hooks for
assurance/verification, I believe it's short sighted to explicitly
define ALL LSM hooks as being purely restrictive, forevermore.

It may just be a matter of semantics. I can't help but draw a
distinction between "grant[ing] traditionally superuser privileges..."
and being permissive, which may include privileges that are not
"traditionally supported", potentially based on information that the
current capabilities implementation does not take into account...

It would seem that this solution simply pushes the discussion to the
capabilities module implementation, and by calling it "capabilities"
implies support of the pre-existing capabilities mechanism ... without
significant extension. Is that a correct characterization?

Sincerely,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------
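
Added example, not part of the original message and not Linux kernel code: a toy C model of the two hook styles discussed in this thread, a purely restrictive hook that is consulted only after the base check has passed, and a capable() that merely forwards to the module hook. All names (check_restrictive, check_capable, the hook_* policies) are hypothetical, and the superuser-only fallback when no module is loaded is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the two hook styles in the thread; not Linux kernel code. */
enum { ALLOW = 0, DENY = -1 };

struct task { unsigned uid; unsigned long granted; /* caps a module assigned */ };

typedef int  (*restrictive_hook_t)(const struct task *t);
typedef bool (*capable_hook_t)(const struct task *t, int cap);

/* Restrictive hook: consulted only after the base kernel check passed,
 * so it can turn ALLOW into DENY but never DENY into ALLOW. */
int check_restrictive(int base_result, restrictive_hook_t hook,
                      const struct task *t)
{
    if (base_result != ALLOW)
        return base_result;          /* module is never asked */
    return hook ? hook(t) : ALLOW;
}

/* capable() as described in the quoted text: the base function only
 * forwards to the module hook, so the module's answer is final. */
bool check_capable(capable_hook_t hook, const struct task *t, int cap)
{
    /* Assumption: with no module loaded, only the superuser is capable. */
    return hook ? hook(t, cap) : (t->uid == 0);
}

/* Hypothetical module policies. */
int  hook_allow_all(const struct task *t) { (void)t; return ALLOW; }
int  hook_deny_nonroot(const struct task *t) { return t->uid == 0 ? ALLOW : DENY; }
bool hook_cap_bitmask(const struct task *t, int cap)
{
    return (t->granted >> cap) & 1UL;   /* uid is not consulted at all */
}

int main(void)
{
    struct task user = { 1000, 1UL << 3 };  /* constructed: non-root with cap 3 */
    printf("base DENY + allow-all hook   -> %d\n",
           check_restrictive(DENY, hook_allow_all, &user));
    printf("base ALLOW + deny-nonroot    -> %d\n",
           check_restrictive(ALLOW, hook_deny_nonroot, &user));
    printf("capable(cap 3) for uid 1000  -> %d\n",
           check_capable(hook_cap_bitmask, &user, 3));
    return 0;
}
```

In this model the restrictive path cannot widen access whatever the module returns, while the capable() path lets the module both grant a capability to uid 1000 and withhold it from uid 0.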