Re: [PATCH] Authoritative hooks

• Previous message: Stephen Smalley: "Re: [PATCH] Authoritative hooks"
• In reply to: Greg KH: "Re: [PATCH] Authoritative hooks"
• Next in thread: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Next in thread: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Next in thread: Seth Arnold: "Re: [PATCH] Authoritative hooks"
• Reply: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* frm gregat_private "08/23/01 08:57:00 -0700" | sed '1,$s/^/* /'
*
* On Thu, Aug 23, 2001 at 08:05:19AM -0400, Stephen Smalley wrote:
*> 
*> The size and cleanliness of the patch
*> could affect acceptability by the kernel developers, so that may be
*> a real concern.
* 
* That is a real concern at this point.  Keeping the original patch small
* and "obvious" is very important.
* 
* I like Crispin's "roadmap".  After we get the original hooks in the
* kernel, then we can move on to possibly changing them to a format like
* this patch if people want them (and it looks like people do.)
* 
* Sound ok?

No, but you knew I was going to say that didn't you ? ;-)

I do not believe that we (LSM) can assume that there will be a phase 2. We
should definetely not plan for one. While we (SGI) will do a phase 2 (we
still need those darned FD's for POSIX compliance), that's not to say the
rest of the LSM project will provide ongoing support for Casey's Evil Plan
for World Domination :-)

Shipping something small which we know is flawed for some policies just to
be able to say we've shipped something small is optimising on the wrong
parameter.

While the authoritative route might be bigger I personally think its more
obvious, no "well you can hook this action but be prepared to be over-ruled
by the built in kernel logic---which you can't remove". Its "hook this and
you have total control. This includes the option to blow your head off". 

Does this mean that its going to be easier to write a broken policy? Yes.
Does it mean that we shouldn't support the "power-user", and instead
hand-hold every policy writer so that they can't pull the trigger? I don't
believe so.


Without authoritaitve hooks we again re-open the issue of MAC before DAC vs
DAC before MAC. Its not like we're doing authoritative hooks simply for the
fun of it. There is a really good techinical reason for it, to support a
wider range of policies. Really good techincal reasons should be something
the kernel developers appreciate.

* 
* thanks,
* 
* greg k-h
* 

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Previous message: Stephen Smalley: "Re: [PATCH] Authoritative hooks"
• In reply to: Greg KH: "Re: [PATCH] Authoritative hooks"
• Next in thread: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Next in thread: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Next in thread: Seth Arnold: "Re: [PATCH] Authoritative hooks"
• Reply: jmjonesat_private: "Re: [PATCH] Authoritative hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 09:37:55 PDT