Hi!

Crispin Cowan:
> How convinced are other people that this method can be made
> sufficiently reliable?

I'm convinced enough to go that way myself. I worked on the original DTE prototype, the source of the HADB data structure that Doug described. When I moved on to LOMAC, I had to implement a canonical-absolute-path-based scheme because my compatibility goals prohibited me from patching HADB-support hooks into the kernel.

I'm planning on going with a HADB-like solution for the LSM LOMAC port, because (1) I thought that the hooks for the alternate pathname-based approach were going away (perhaps I misunderstood at the BOF), and (2) that's the way my FreeBSD port is going to operate (via a layered FS) and I figured I'd try to keep all my ports similar.

It's always hard to abandon an already-working solution for a supposedly-better one that you've never tried before. But the VFS layer is a well-defined interface. It shouldn't be any harder to get a warm fuzzy about the non-bypassability of hooks placed there than it is for any of the kernel's other interfaces.

- Tim Fraser, NAI Labs

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 08:53:21 PDT