On Tue, 31 Jul 2001, Crispin Cowan wrote:

> From here, we have several choices of how to proceed:
>
> * Do something to get the pure simple assurance property back. This is
>   likely to be brutally difficult, as it will involve changing call-by-reference
>   interfaces into call-by-value interfaces, which is highly unnatural in C.
>   Not recommended.

I see this as possible, but not recommended. It's a pretty poor solution
that would be rejected by KD's who know code, and, well, they usually do.

> * Shrug. Ok, so the simple assurance property is not as simple as we would
>   like. Tough noogies :-) We still get a measure of bug tolerance from the
>   strictly restrictive nature of the LSM interface.

Agreed. But no further "simple assurance" arguments should be allowed.
The question is: should we reconsider previous arguments that used this as
a "trump card?" I think we should.

> * Give up. In for a penny, in for a pound. Since we don't really get simple
>   assurance, give up completely on this concept, and start using
>   authoritative hooks. This will (apparently) satisfy some needs of JMJ,
>   possibly alleviate the MAC/DAC sequence tension between SGI and WireX,
>   enable honeypot modules, and perhaps even make some other folks happy. The
>   cost is that the security requirements for buglessness in LSM modules go
>   waaay up, for *every* module.
>

This is NOT Giving Up. Authoritative hooks are generally useful and
modules that need the "simple assurance" argument can use a stacked module
that guarantees it. I'll put resources into writing it, since having an
open source module allows more assurance.

This is NOT impossible, but it is not possible (imho) within the
hooks/interface without tripping the "more invasive" trap that has ALSO
been sprung many times.

Dr. Wagner has alluded to this many times... a construct that forces
modules to be more restrictive without imposing on the interface. With
stacking, this is an achievable objective.

> Comments?
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
> Available for purchase: http://wirex.com/Products/Immunix/purchase.html

J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 14:22:18 PDT