Re: Hooks, authority, MAC, the future and proposol

From: Crispin Cowan (crispinat_private)
Date: Mon Jul 09 2001 - 09:32:32 PDT

  • Next message: Serge E. Hallyn: "initialization"

    I forgot to address this important question.
    
    LA Walsh wrote:
    
    > Given that audit requires more hooks than are currently
    > present and making audit a stage II goal, when will that be
    > addressed?  What is the time frame for allowing audit hooks into
    > LSM?  In fact, how do people see LSM being in the future?
    
    Stage I:  get the mainline kernel to accept the access control set of LSM hooks.
    
    Stage II: determine what additional hooks are needed to support additional
    features, such as audit.  Build it, propose it to the mainline kernel, and see
    if they accept it.
    
    The purpose of this arrangement is that we have explicit direction from Linus to
    go build the access control hooks.  We do *not* have explicit direction to do
    anything else, and there is a wide-spread belief (correct or not) that audit is
    slow, expensive, and ineffective.
    
    So we use the "camel's nose" strategy: provide the kernel community with exactly
    what Linus asked for, let them get comfy with it, and then propose the rest of
    what we want.  There are two major advantages to this approach:
    
      1. Half a loaf is better than none.  There is significant chance that a big
         patch that was big because it included audit support would be rejected
         outright.  We're protecting the access control part by not "tainting" it
         with the perception of a bulky/slow audit facility.
      2. Proving our point.  Once Stage I is accepted, we can enhance it to support
         audit, and do detailed performance measurement on the enhancements.  If we
         can show that the audit-supporting hooks do not substantially increase the
         cost of LSM, and LSM has already been accepted, it is much harder to argue
         against providing audit hooks.
    
    This too is more or less consistent with the lunch with Ted, giving us
    reasonable confidence that the above views match the prejudices of the kernel
    community.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 09:34:22 PDT