More words from Linus:

> I would, for example, be willing to entertain the notion of having a
> (global or per-process or whatever) pointer to a "security checks"
> structure:
>
> struct security_checks_struct {
>         int (*execve)(struct task_struct *tsk,struct binprm *new);
>         int (*file_open)(struct file *);
>         int (*raise_capability)(...
>         ...
>         ... selinux had about 140 points they wanted to hook into ..
>         ... others probably have a few more.
>         ...
> };

We've got this now... in fact, we have 140 hooks, at present. :)

> and then just have an opaque per-security-model security ID thing scattered
> around in critical places (the obvious being the thread structure, files,
> directory cache, inodes, etc).

We have this, with our security blobs...

> And instead of having _any_ policy at all,
> the kernel would just call the security procedure. Which might choose to
> fail (-EFASCIST) or might choose to return success but silently downgrade
> the security of the process that does the action, or whatever.

This, we clearly don't have. We have preserved the in-kernel (DAC) policies
methodically and pre-emptively, to the serious inhibition of "whatever".

Also, the kernel doesn't "just call the security procedure", it goes through
all the security checks it ever did, then ADDITIONALLY calls the security
procedure... turning it into a pure-cost issue performance-wise.

This would seem to imply that moving DAC to a module would be entertained by
Linus and might even more closely fit his requirements.

*Shrug*, Two Out of Three?

J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES                  jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
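The hook-table arrangement the post argues about, as an added C example that is not part of the thread and is not the LSM code itself: a struct of function pointers in the spirit of Linus's sketch, an opaque per-object security blob, and a kernel entry point that runs the unchanged DAC check first and only then consults the module. The two modules (a "dummy" that adds nothing and a constructed clearance/label model), the task and file structs, and the scenario helper are all assumptions made for the demonstration. The point it shows is the one the post makes: with DAC kept in the kernel, a module can add a denial but can never turn a DAC denial into success.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy kernel objects. Each carries an opaque per-model
 * "security blob" pointer, mirroring the blobs the post mentions. */
struct task {
    int euid;
    void *security;          /* module-owned blob (here: an int clearance) */
};

struct file_obj {
    int owner_uid;
    int mode;                /* rwxrwxrwx bits, e.g. 0644 */
    void *security;          /* module-owned blob (here: an int label) */
};

/* Hook table in the spirit of the quoted security_checks_struct sketch
 * (assumed shape; only a single file_open hook is modelled). */
struct security_checks_struct {
    int (*file_open)(struct task *tsk, struct file_obj *f, int want_write);
};

/* Classic in-kernel DAC: owner bits for the owner, "other" bits otherwise. */
static int dac_file_open(struct task *tsk, struct file_obj *f, int want_write)
{
    int bits = (tsk->euid == f->owner_uid) ? (f->mode >> 6) & 7 : f->mode & 7;
    if (want_write && !(bits & 2))
        return -EACCES;
    if (!want_write && !(bits & 4))
        return -EACCES;
    return 0;
}

/* Module A (constructed): a "dummy" model that imposes no extra policy. */
static int dummy_file_open(struct task *tsk, struct file_obj *f, int want_write)
{
    (void)tsk; (void)f; (void)want_write;
    return 0;
}

/* Module B (constructed): a clearance/label model living in the blobs.
 * A task may open a file only if its clearance is at least the file's label. */
static int label_file_open(struct task *tsk, struct file_obj *f, int want_write)
{
    int clearance = tsk->security ? *(int *)tsk->security : 0;
    int label = f->security ? *(int *)f->security : 0;
    (void)want_write;
    return clearance >= label ? 0 : -EACCES;
}

static struct security_checks_struct dummy_ops = { .file_open = dummy_file_open };
static struct security_checks_struct label_ops = { .file_open = label_file_open };

/* The active module: a single global pointer, as in the quoted proposal. */
static struct security_checks_struct *security_ops = &dummy_ops;

void set_security_model(int use_labels)
{
    security_ops = use_labels ? &label_ops : &dummy_ops;
}

/* What the post describes: DAC runs exactly as before, and the module hook
 * is ADDITIONALLY called afterwards. The hook can only add denials. */
int kernel_file_open(struct task *tsk, struct file_obj *f, int want_write)
{
    int rc = dac_file_open(tsk, f, want_write);
    if (rc)
        return rc;               /* module never gets to override this */
    return security_ops->file_open(tsk, f, want_write);
}

/* Scenario helper with constructed inputs: uid 1000 owns a 0644 file whose
 * label is 2; the caller picks the model, the acting uid and its clearance. */
int scenario_result(int use_labels, int actor_uid, int clearance, int want_write)
{
    int file_label = 2;
    int clr = clearance;
    struct file_obj f = { .owner_uid = 1000, .mode = 0644, .security = &file_label };
    struct task t = { .euid = actor_uid, .security = &clr };
    set_security_model(use_labels);
    return kernel_file_open(&t, &f, want_write);
}

int main(void)
{
    printf("dummy model, owner writes:            %d\n", scenario_result(0, 1000, 0, 1));
    printf("dummy model, other uid writes:        %d\n", scenario_result(0, 1001, 0, 1));
    printf("label model, owner w/ low clearance:  %d\n", scenario_result(1, 1000, 1, 1));
    printf("label model, other uid, clearance 9:  %d\n", scenario_result(1, 1001, 9, 1));
    return 0;
}
```

The last scenario is the crux: the label module would happily allow the write (clearance 9 exceeds label 2), but the DAC check has already returned -EACCES before the hook is reached, so the "return success but silently downgrade" style Linus described is not expressible in this arrangement.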
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 09:09:30 PDT