RE: Possible system call interface for LSM

• Previous message: Lachlan McIlroy: "RE: Possible system call interface for LSM"
• In reply to: jmjonesat_private: "Re: Possible system call interface for LSM"
• Next in thread: jmjonesat_private: "RE: Possible system call interface for LSM"
• Next in thread: KRAMER,STEVEN (HP-USA,ex1): "RE: Possible system call interface for LSM"
• Reply: jmjonesat_private: "RE: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: jmjonesat_private [mailto:jmjonesat_private]
> Sent: Friday, August 10, 2001 2:57 AM
> To: Lachlan McIlroy
> Cc: linux-security-moduleat_private
> Subject: Re: Possible system call interface for LSM
> 
> 
> 
> 
> With regard to security_ops->module_id
> 
> This raises some issues with my stackable modules.
> 
> If we're defining a single module_id that is to 
> be trusted as unique for a module or family of modules,
> how will these identifiers be assigned to assure they're 
> unique?  
> 
> Since everybody will be implementing this hook (it's required
> to pass the sanity check for installation), is it really useful or
> necessary to check the module identity outside the module?
If the module forgets to do this check then there could be
problems.  The application performing the system call and
the module must agree on a format for the arguments in order
to pass them through this generic system call.  It makes
sense to me that an application using policy A should not
even begin execute the system call belonging to a module
using policy B.  Do you have a need to do otherwise?
> 
> I don't necessarily see the value of copying data to and from 
> kernel space
> outside the module, but it does seem to be something that will be very
> common.  If most are likely to do it, putting it in one place 
> makes sense.
There's also the possibility that the copied user structure
contains a field that is another user space pointer.  The
module will have to take care of this if it occurs.
> 
> Would doing it and passing BOTH the user and kernel pointer 
> to the hook 
> solve both cases, or just clutter up kernel memory hopelessly with
> something generally useless? (Depends on how many use which pointer.)
> 
> 
> J. Melvin Jones 
> 
> 
> |>------------------------------------------------------
> ||  J. MELVIN JONES            jmjonesat_private 
> |>------------------------------------------------------
> ||  Microcomputer Systems Consultant  
> ||  Software Developer
> ||  Web Site Design, Hosting, and Administration
> ||  Network and Systems Administration
> |>------------------------------------------------------
> ||  http://www.jmjones.com/
> |>------------------------------------------------------
> 
> 
> 
> 
---
Lachlan McIlroy                    Phone: +61 3 9596 4155
Trusted Linux                        Fax: +61 3 9596 2960
Adacel Technologies Ltd                    www.adacel.com




_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Lachlan McIlroy: "RE: Possible system call interface for LSM"
• Previous message: Lachlan McIlroy: "RE: Possible system call interface for LSM"
• In reply to: jmjonesat_private: "Re: Possible system call interface for LSM"
• Next in thread: jmjonesat_private: "RE: Possible system call interface for LSM"
• Next in thread: KRAMER,STEVEN (HP-USA,ex1): "RE: Possible system call interface for LSM"
• Reply: jmjonesat_private: "RE: Possible system call interface for LSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 18:25:44 PDT