My main axe to grind here was that it should be a syscall, so I've been quiet through the rest of the debate, but thought I'd chip in here.

richard offer wrote:
> *> I'm not going to go and create a pseudo file system just to let
> *> applications know that my policy is loaded. That's bogus. You'd rather
> *> increase the kernel size than pass one extra parameter?
> *
> * No, I'd rather not overload an existing clean interface (syscalls) with
> * a new functionality that will take time (computer time with the extra
> * parameter)
>
> And that is slower than opening a file?

I believe that the argument here is that the compute cost of an extra parameter is paid by all modules on every call to the LSM syscall, vs. a one-time cost of accessing a pseudo-file to identify a module. The file access is slower, but occurs much less often, off the critical path.

> * And how much bloat is creating a single /proc entry to let your
> * userspace programs know that your module is loaded?
>
> Well, now I need /proc compiled in, that's 46k.

It seems legitimate that an application may want to probe for the existence of a specific module. But it also seems that not all modules will have this need (e.g. SubDomain doesn't need it, because I don't care how well SubDomain-enabled apps run on non-Immunix systems). So what we need is a way for applications to detect modules, such that:

* the detection doesn't cost too much
* modules & applications that don't care about module detection don't pay for it

Richard seems to feel that 46 KB of kernel space for /proc is too much to pay. That seems a tad extreme to me: 46 KB is not much space for any machine bigger than a wrist watch, and for larger systems, I suggest that /proc will be included most of the time anyway. So:

* Richard: what embedded applications are there that are that tight on memory, and also need B1 security? (1/2 :-)
* Group: is there perhaps a cheaper way to indicate the presence of an LSM module than a /proc entry?

Or is that really the Linux Way to do this, and we should stop with the fussing?

Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
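The cost argument in the post above (a pseudo-file probe is slower than a syscall parameter, but is paid once, off the critical path, and only by applications that ask) is easy to make concrete from the userspace side. The following C program is an added example, not code from the original post, from any LSM module, or from the LSM patch of the time: it stat()s a pseudo-file the first time an application asks whether a module is loaded, caches the answer, and counts how many times the file system was actually touched. The entry name `/proc/lsm_policy_loaded`, the `struct lsm_probe` type and the helper names are assumptions for illustration; a real module would document its own entry.

```c
/*
 * Added example, not from the original post or any LSM module: the
 * "probe once, off the critical path" detection pattern Crispin describes.
 * A userspace program stat()s a pseudo-file exported by a module the first
 * time it needs to know whether the module is loaded, caches the answer,
 * and never touches the file system for it again.  The file name below is
 * an assumption for illustration; a real module would document its own.
 */
#include <stdio.h>
#include <sys/stat.h>

#define LSM_PROBE_PATH "/proc/lsm_policy_loaded"  /* hypothetical entry name */

enum lsm_state { LSM_UNKNOWN = -1, LSM_ABSENT = 0, LSM_PRESENT = 1 };

struct lsm_probe {
    const char *path;      /* pseudo-file that exists only when the module is loaded */
    enum lsm_state state;  /* cached answer; LSM_UNKNOWN until first use */
    int stat_calls;        /* how many times the file system was actually touched */
};

#define LSM_PROBE_INIT(p) { (p), LSM_UNKNOWN, 0 }

/* Returns 1 if the module's pseudo-file exists, 0 otherwise.  The stat()
 * is paid at most once per probe object; every later call is a load of
 * the cached field, so per-operation code never pays the file-system cost.
 * Note the caveat: stat() fails the same way (ENOENT) whether the module
 * is absent or /proc is simply not mounted, so "absent" means "not
 * detectable", not a proof that no policy is loaded. */
int lsm_probe_present(struct lsm_probe *p)
{
    if (p->state == LSM_UNKNOWN) {
        struct stat st;
        p->stat_calls++;
        p->state = (stat(p->path, &st) == 0) ? LSM_PRESENT : LSM_ABSENT;
    }
    return p->state == LSM_PRESENT;
}

/* Helpers that make the cost visible: run `calls` checks against a fresh
 * probe for `path` and report presence / number of stat() calls made. */
int lsm_present_after(const char *path, int calls)
{
    struct lsm_probe p = LSM_PROBE_INIT(path);
    int present = 0;
    for (int i = 0; i < calls; i++)
        present = lsm_probe_present(&p);
    return present;
}

int lsm_stat_calls_after(const char *path, int calls)
{
    struct lsm_probe p = LSM_PROBE_INIT(path);
    for (int i = 0; i < calls; i++)
        lsm_probe_present(&p);
    return p.stat_calls;
}

int main(void)
{
    struct lsm_probe p = LSM_PROBE_INIT(LSM_PROBE_PATH);

    /* An application that does not care never calls lsm_probe_present(),
     * so it never pays; one that does pays one stat() here, at startup. */
    if (lsm_probe_present(&p))
        printf("%s present: module loaded\n", p.path);
    else
        printf("%s absent: module not loaded (or /proc not mounted)\n", p.path);

    /* Hot path: repeated checks cost no further syscalls. */
    for (int i = 0; i < 1000; i++)
        (void)lsm_probe_present(&p);
    printf("stat() calls made: %d\n", p.stat_calls);
    return 0;
}
```

The two helpers exist only to make the trade-off measurable: a thousand presence checks cost exactly one stat(), which is the "much less often, off the critical path" half of the argument, while a module and an application that never construct a probe pay nothing at all, which is the second requirement in the list above.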
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 18:03:41 PDT