Re: Possible system call interface for LSM

From: richard offer (offerat_private)
Date: Mon Aug 13 2001 - 16:01:43 PDT

  • Next message: Greg KH: "Re: Possible system call interface for LSM"

    * frm gregat_private "08/13/01 15:31:22 -0700" | sed '1,$s/^/* /'
    *
    * On Sun, Aug 12, 2001 at 04:54:49AM +0000, David Wagner wrote:
    *> But the point is that we need a uniform standard to reliably
    *> rule out ambiguous parses.  For instance, we need all modules
    *> to agree that the first arg carries a token identifying the
    *> intended module.  If different modules have different identification
    *> protocols, there is no guarantee that such a type-confusion attack
    *> cannot occur.
    * 
    * No we don't need any such "uniform standard".
    * 
    * You need a standard for _your_ user applications to determine if _your_
    * security module is currently loaded.  And since you wrote both of them,
    * and control both of them, you're set.
    
    My applications == your applications. In my trusted distribution of course
    I control the horizontal and the vertical, but I don't see a lot of trusted
    distributions out there. Most people take code from X and install it on Y,
    that's Linux. At least provide enough infrastructure that we (policy
    writers/distribution vendors/application writers) can provide a better
    interface than "core dumped".
    
    Forking linux is nothing compared to nightmare that you get with forking
    all the applications.
    
    
    
    
    Lets summarize.
    
        In the blue corner we have people that seem to want a system call means
    to determine confirm an application is talking to the right policy
            Stephen, David, Richard, Casey
    
        In the red corner we have people who think it should be done via /proc
            Greg, Jesse, 
    
        In the green corner we have those that think its un-needed
            J. Melvin
    
    Crispin ?
    
    Have I got all the corners right ?
    
    
    The semi-interesting point is that Stephen and myself are both working on
    projects that involve a complete linux distribution. Our policies are not
    limited to kernel code, but propagate out to include  a number of modified
    apps. Maybe that means something, maybe it doesn't.
    
    Its going to be an intersting BOF :-) I'll be the person wearing asbestos
    pants.
    
    * 
    * thanks,
    * 
    * greg k-h
    * 
    
    richard.
    
    -----------------------------------------------------------------------
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    _______________________________________________________________________
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 16:02:36 PDT