Re: Authoritative hooks updated to 2.4.13

From: jmjonesat_private
Date: Sun Oct 28 2001 - 16:59:47 PST

    For the peanut gallery, and because this concern seems to be outside LSM's
    defined concern of "access restriction" (which is a hazy and largish
    area), I would like to state that I don't see the ptrace problem as being
    within the interest/scope of LSM, but I do see it as being within the
    scope of Linux Security.
    
    This is not necessarily a negative factor: LSM is focussed at a specific
    (hugely large) group of vulnerabilities... there are others that may be
    outside the scope of the project.
    
    There are many brilliant (and just smart) people here... can anybody
    provide a short analysis of the impact of the current LSM patch/solution
    as it relates to the ptrace problem?  Is there a structure (kernel or
    filesystem) that can be protected to eliminate or limit the impact of the
    ptrace "problem" provided by the current patch/philosophy/methodology? 
    
    It would help the sale, IMHO, if there was such an analysis, either way.
    
    Sincerely,
    J. Melvin Jones
    
    
    On Fri, 26 Oct 2001, Crispin Cowan wrote:
    
    > Greg KH wrote:
    > 
    > >On Fri, Oct 26, 2001 at 12:21:05PM -0700, Crispin Cowan wrote:
    > >
    > >>But if LSM had hooks that could do the above, people who wanted such a
    > >>ptrace prophylactic could have one.
    > >>
    > >How does our current ptrace hook not allow someone to develop such a
    > >module?  Is it lacking something?
    > >
    > I don't know whether it does or not, 'cause I didn't look :-)  Sorry for 
    > the distraction.
    > 
    > However, if anyone is looking for a cool project to code up, an LSM port 
    > of Solar's ptrace proposal would probably be quick & effective.
    > 
    > Crispin
    > 
    > -- 
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. http://wirex.com
    > Security Hardened Linux Distribution:       http://immunix.org
    > Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    |>------------------------------------------------------
    ||  J. MELVIN JONES            jmjonesat_private 
    |>------------------------------------------------------
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    |>------------------------------------------------------
    ||  http://www.jmjones.com/
    |>------------------------------------------------------
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Sun Oct 28 2001 - 17:01:53 PST