From: Stephen Smalley (sdsat_private)
Date: Thu Aug 02 2001 - 11:26:14 PDT

    On Thu, 2 Aug 2001 Valdis.Kletnieksat_private wrote:
    > However, one of the reasons for rejecting authoritative hooks (simple
    > assurance) has since been re-examined and found to have some issues, which
    > although not *obviously* fatal, are at least sufficient to require some
    > re-discussion - even if we wish to continue on the path we currently are,
    > we need to at least be able to say "we considered the new evidence and
    > decided to not change our minds".  Given that there has been at least one
    > concrete proposal by jmjones that would provide a stackable module on top
    > of authoritative hooks that would provide at least a large chunk of what
    > simple assurance was supposed to buy us, some pondering is needed...

    As I mentioned in my message, the fact that the modules can modify
    structure fields and cause side effects was not news.  Furthermore,
    even if you copy structures, a module can always modify state
    in the current task (and in fact, many real modules will do
    exactly this, e.g. to revoke access to file descriptors
    when a domain changes across an execve).  Additionally, a module
    is free to change kernel data, regardless of whether you happen to pass
    it explicitly or not.  So there is nothing new here to motivate a change
    in LSM.

    Stephen D. Smalley, NAI Labs
