I forgot to address this important question.

LA Walsh wrote:

> Given that audit requires more hooks than are currently
> present and making audit a stage II goal, when will that be
> addressed? What is the time frame for allowing audit hooks into
> LSM?

In fact, how do people see LSM being in the future?

Stage I: get the mainline kernel to accept the access control set of LSM hooks.

Stage II: determine what additional hooks are needed to support additional features, such as audit. Build it, propose it to the mainline kernel, and see if they accept it.

The purpose of this arrangement is that we have explicit direction from Linus to go build the access control hooks. We do *not* have explicit direction to do anything else, and there is a widespread belief (correct or not) that audit is slow, expensive, and ineffective. So we use the "camel's nose" strategy: provide the kernel community with exactly what Linus asked for, let them get comfy with it, and then propose the rest of what we want.

There are two major advantages to this approach:

1. Half a loaf is better than none. There is a significant chance that a big patch that was big because it included audit support would be rejected outright. We're protecting the access control part by not "tainting" it with the perception of a bulky/slow audit facility.

2. Proving our point. Once Stage I is accepted, we can enhance it to support audit, and do detailed performance measurement on the enhancements. If we can show that the audit-supporting hooks do not substantially increase the cost of LSM, and LSM has already been accepted, it is much harder to argue against providing audit hooks.

This too is more or less consistent with the lunch with Ted, giving us reasonable confidence that the above views match the prejudices of the kernel community.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 09:34:22 PDT