Re: Kernel Security Extensions USENIX BOF Summary

From: jmjonesat_private
Date: Thu Jul 05 2001 - 14:07:49 PDT

  • Next message: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"

    On Thu, 5 Jul 2001, Stephen Smalley wrote:
    
    > But let's not go too far on this debate.  As I've previously stated,
    > you can support pathname-based modules without needing to reconstruct
    > absolute pathnames on each lookup or file creation operation.  In fact,
    > that should be preferable to you from a performance perspective.  So
    > the hooks end up being the same anyway.
    
    Only one question: what if you WANT to reconstruct pathname data... not
    just absolute, but also what was originally specified.  Is that
    possible with strictly inode-based protections, and, if not, is there a 
    SIMPLE way to add it to the LSM model without getting into "mixed models"?
    
    If it can be done, I think everybody is on the same page.  I ask only 
    because it seems to be an "issue" of some minor sort.
    
    There is the issue of "imposing a model" on the module.
    J. Melvin Jones
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 14:08:20 PDT