* frm gregat_private "08/13/01 15:31:22 -0700" | sed '1,$s/^/* /'
*
* On Sun, Aug 12, 2001 at 04:54:49AM +0000, David Wagner wrote:
*> But the point is that we need a uniform standard to reliably
*> rule out ambiguous parses. For instance, we need all modules
*> to agree that the first arg carries a token identifying the
*> intended module. If different modules have different identification
*> protocols, there is no guarantee that such a type-confusion attack
*> cannot occur.
*
* No we don't need any such "uniform standard".
*
* You need a standard for _your_ user applications to determine if _your_
* security module is currently loaded. And since you wrote both of them,
* and control both of them, you're set.

My applications == your applications.

In my trusted distribution of course I control the horizontal and the vertical,
but I don't see a lot of trusted distributions out there. Most people take code
from X and install it on Y, that's Linux.

At least provide enough infrastructure that we (policy writers/distribution
vendors/application writers) can provide a better interface than "core dumped".

Forking linux is nothing compared to the nightmare that you get with forking all
the applications.

Let's summarize.

In the blue corner we have people that seem to want a system call means to
determine/confirm an application is talking to the right policy

Stephen, David, Richard, Casey

In the red corner we have people who think it should be done via /proc

Greg, Jesse,

In the green corner we have those that think it's un-needed

J. Melvin Crispin ?

Have I got all the corners right ?

The semi-interesting point is that Stephen and myself are both working on
projects that involve a complete linux distribution. Our policies are not
limited to kernel code, but propagate out to include a number of modified apps.
Maybe that means something, maybe it doesn't.

It's going to be an interesting BOF :-) I'll be the person wearing asbestos pants.

*
* thanks,
*
* greg k-h
*

richard.
-----------------------------------------------------------------------
Richard Offer
Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 16:02:36 PDT