Re: Possible system call interface for LSM

From: jmjonesat_private
Date: Fri Aug 10 2001 - 17:37:30 PDT

    On Fri, 10 Aug 2001, richard offer wrote:
    > * frm gregat_private "08/10/01 16:33:24 -0700" | sed '1,$s/^/* /'
    > *
    > * 
    > * Ah, but Stephans program should first validate that the kernel is
    > * running SELinux by some other method than the syscall (I've detailed
    > * that in a previous message).  And so should yours.  So there will be no
    > * conflicts if you validate that your module is loaded before calling the
    > * syscall.
    > I could have no way to determine if my policy is loaded. Seriously, I
    > don't. Audit is invisible, so is MAC.
    > I'm not going to go and create a pseudo file system just to let
    > applications know that my policy is loaded. That's bogus. You'd rather
    > increase the kernel size than pass one extra parameter?

    Bing-Bang-Boom.  Create /proc/lsm-modules/, put sgi-whatever in it.
    (Never tried to put anything anywhere but /proc/, but I'd guess it's
    possible, if not, just put it in /proc)  Have your application check if it
    exists. Have your application pass the whatever it reads from that file to
    the module as the first long in the syscall list.
    Applications read once.  No significant cost from that.
    You can even generate the "whatever" based on PID, GID, and other factors
    known to both the module and the process by this method.
    Use 24 bits to make sure it's you and 8 to hold option flags.
    It's only a few lines of code, not a "huge bogus thang."
    Not being facetious... but why won't that provide the same or even better 
    Or, (not speaking for anybody but me), make the -1 value of the call
    parameter check a module ID, and prohibit (by documentation) it being
    used by any of us for any other reason.
    call == -1
    arg[0]== identifier
    Trust the module, inform the application.
    1 in 4 billion CALL values isn't likely to hurt anybody, and modules that
    don't implement it won't respond to it (I'd hope), and it doesn't create a
    new syscall pattern that needs to be generated and sold... or just look
    "different" (codoxenophobia) 
    This violates the "module composition/functionality" inhibition here, but
    it's trivial.

    > * 
    > * greg k-h
    > * 
    > richard.
    > -----------------------------------------------------------------------
    > Richard Offer                     Technical Lead, Trust Technology, SGI
    > "Specialization is for insects"
    > _______________________________________________________________________
    Am I Wrong?
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 17:39:58 PDT
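
A user-space model of the scheme proposed in the message above, added here as an illustration; it is not code from the thread or from LSM. The path `/proc/lsm-modules/sgi-whatever`, the 24-bit identifier plus 8 flag bits, and the reserved `call == -1` query come from the message; the function names, the hex text format of the file, and placing the identifier in the upper 24 bits are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LSM_CALL_QUERY (-1L)          /* reserved "who are you" call value */

/* Assumed layout: upper 24 bits identify the module, low 8 bits are flags. */
static uint32_t lsm_pack(uint32_t id24, uint8_t flags) {
    return ((id24 & 0xFFFFFFu) << 8) | flags;
}
static uint32_t lsm_id(uint32_t token)    { return token >> 8; }
static uint8_t  lsm_flags(uint32_t token) { return (uint8_t)(token & 0xFFu); }

/* Application side: parse the hex token text read from the module's file. */
static int lsm_parse_token(const char *text, uint32_t *out) {
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 16);
    if (errno || end == text || (*end && *end != '\n') || v > 0xFFFFFFFFul)
        return -EINVAL;
    *out = (uint32_t)v;
    return 0;
}

/* Read once at start-up; a missing file means the module is not loaded. */
static int lsm_read_token(const char *path, uint32_t *out) {
    char buf[32];
    FILE *f = fopen(path, "r");
    if (!f) return -ENOENT;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    return line ? lsm_parse_token(buf, out) : -EINVAL;
}

/* Module side, modelled in user space: answer only calls addressed to us. */
static long lsm_dispatch(uint32_t my_id, long call, const unsigned long *args) {
    if (call == LSM_CALL_QUERY)       /* call == -1, arg[0] == identifier */
        return args[0] == my_id ? 0 : -ENOSYS;
    if (args[0] > 0xFFFFFFFFul || lsm_id((uint32_t)args[0]) != my_id)
        return -ENOSYS;               /* another module's caller: refuse */
    return lsm_flags((uint32_t)args[0]);  /* stand-in for the real operation */
}

int main(void) {
    uint32_t tok;
    unsigned long args[1];
    if (lsm_read_token("/proc/lsm-modules/sgi-whatever", &tok) != 0)
        tok = lsm_pack(0xABCDEF, 0x03);   /* constructed sample token */
    args[0] = tok;
    printf("dispatch -> %ld\n", lsm_dispatch(lsm_id(tok), 7, args));
    return 0;
}
```

A token published in a file that any process can read only routes a call to the intended module; it identifies the module to the caller and does not authenticate the caller to the module.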