Re: USENIX Security LSM BOF topics

From: Crispin Cowan (crispinat_private)
Date: Tue Aug 14 2001 - 22:49:41 PDT

  • Next message: Crispin Cowan: "Re: Making forward progress"

    Stephen Smalley wrote:
    > On Mon, 13 Aug 2001, Chris Wright wrote:
    > > * name vs. inode (as Serge pointed out, we may have a solution in 2.5,
    > >   see
    > I thought that this was resolved, pending submission of a specific proposal
    > from WireX for new hooks that would meet their needs.  If 2.5 is going to
    > solve your problem anyway, then so much the better.
    Yes, that's correct.  We found it difficult to do, but this statement from AL
    Viro makes it much easier.
    > > * in-kernel check vs. lsm-check ordering
    > I thought that this was resolved, with the decision being that we place the
    > LSM hooks after the DAC logic whenever feasible.  This was already the case
    > for many of the hooks, and I think I moved the remaining ones when feasible.
    I agree with that, but wasn't convinced we had actually established a
    consensus.  In particular, I want to know whether shifting from restrictive to
    authoritative hooks eases SGI's issue with DAC-first.
    > > * all in-kernel checks to module
    > This seems to have been resolved by the recent posting by Ted Ts'o.
    I agree, but again wanted to actually get a consensus.
    > > anything else?
    > Yes, I would suggest that we also discuss the following:
    > * status and plans for the capabilities module
    > * controlling Unix domain sockets that use the abstract namespace
    > * Ted's comments about making LSM a configuration option, using
    >   macros, etc.
    > * plans for submitting a patch to the kernel developers
    Excellent points.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Security Hardened Linux Distribution:
    Available for purchase:
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 08:28:20 PDT