* frm crispinat_private "09/05/01 16:10:35 -0700" | sed '1,$s/^/* /'
*
* Casey Schaufler wrote:
*
*> The capable()+restrictive scheme fails if the existing kernel
*> code short circuits out on failure, and there's no reason it
*> shouldn't if hooks are documented as restrictive. Any performance
*> optimizer (and the Linux community is full of 'em) will look
*> at code which calls a restrictive hook after a failure case and
*> "fix" it, in what for our nefarious purposes would be the
*> veterinary sense.
*>
* However, the "authoritative" change that is being proposed ALSO
* short-circuits on DAC failure. That is a BIG part of the question of "is
* this good enough for SGI's purposes?" Most of the people messing with
* the code believe that it is infeasible to insert an authoritative hook on
* every short-circuit case.
*
* So, in no event are we going to get "no short circuiting". With that in
* mind, does the "kinda authoritative" approach embodied in Stephen's patch
* -> Lachlan's patch -> Chris Wright's patch present a substantial
* improvement in LSM usefulness to SGI?

Yes.

The principle is "always call a hook".

The implementation of that principle can be either post-DAC logic
authoritative hook or pre-DAC logic hook.

Our ideal solution is #2, but that collides with Wirex's requirements, so
a post-DAC authoritative hook where it works for both Wirex and SGI and a
pre-DAC where Wirex doesn't care works best for both sides of the argument
of DAC before MAC vs MAC before DAC.

The case of short circuiting can be addressed by pre-DAC hooks which can be
either authoritative or restrictive (we don't care at that point).

*
* Crispin

richard.
-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 16:28:01 PDT
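
The hook placements discussed in this message, as an added user-space model that is not part of the original post and is not kernel or LSM code. Every name in it (`access_check`, `module_hook`, `dac_check`, the `placement` values, the uid and object numbers) is a hypothetical chosen for illustration; it counts how often the module is consulted when DAC rejects a request.

```c
#include <stdio.h>
/* Constructed user-space model; all names are hypothetical, none is a kernel symbol. */
#define DENY (-1)
enum placement {
    POST_DAC_RESTRICTIVE,   /* caller short-circuits on DAC failure; hook can only deny */
    POST_DAC_AUTHORITATIVE, /* hook always runs, is handed the DAC result, has final say */
    PRE_DAC                 /* hook runs before any DAC logic, so nothing can skip it */
};
static int hook_calls;      /* how many times the module was consulted */

/* Toy DAC: only uid 0 passes. */
static int dac_check(int uid) { return uid == 0 ? 0 : DENY; }

/* Sample module policy: sees (and could audit) the request, denies object 13,
 * otherwise defers to the DAC result it was given. An authoritative module
 * could instead return 0 here to override a DAC denial. */
static int module_hook(int object, int dac_result)
{
    hook_calls++;
    return object == 13 ? DENY : dac_result;
}

int access_check(enum placement p, int uid, int object)
{
    int dac;
    switch (p) {
    case PRE_DAC:
        if (module_hook(object, 0) != 0)   /* DAC not evaluated yet, pass 0 */
            return DENY;
        return dac_check(uid);
    case POST_DAC_AUTHORITATIVE:
        return module_hook(object, dac_check(uid));
    default:                               /* POST_DAC_RESTRICTIVE */
        dac = dac_check(uid);
        if (dac != 0)
            return dac;                    /* short circuit: module never sees this */
        return module_hook(object, dac);
    }
}

/* Hook invocations for one request that DAC rejects (uid 1000, object 7). */
int hook_calls_on_dac_failure(enum placement p)
{
    hook_calls = 0;
    access_check(p, 1000, 7);
    return hook_calls;
}
int main(void)
{
    for (int p = POST_DAC_RESTRICTIVE; p <= PRE_DAC; p++)
        printf("placement %d: hook calls on DAC failure = %d\n",
               p, hook_calls_on_dac_failure((enum placement)p));
    return 0;
}
```

Only the short-circuiting restrictive placement reports zero hook calls on a DAC failure; the other two satisfy "always call a hook".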