From: jmjonesat_private
Date: Wed Nov 07 2001 - 17:29:30 PST

  • Next message: Casey Schaufler: "Re: SNARE"

    On Wed, 7 Nov 2001, Casey Schaufler wrote:
    > Casey Schaufler wrote:
    > > I'll pass on information should I receive any.
    > Here's what they had to say. Issues of audit remain open.
    > ---
    > We've had a little involvement with LSM, and have been trying to keep up
    > with activity summaries, but we've been concentrating pretty heavilly on
    > snare lately. As such, we have been out of the picture for a few months
    > now.
    > Quite early on in the process (around March), we had some contact with a
    > few LSM developers, but it didn't seem as though the LSM project was
    > going to be sufficiently advanced to make our job much easier with SNARE
    > (at least, at that point in time). However, we've tried to design SNARE
    > in such a way that we can re-tool the back-end, without changing the
    > fundamental features, so if the LSM could provide a more logical
    > mechanism to track the system calls we need for auditing, we should be
    > able to integrate nicely.
    > -- 
    > Casey Schaufler				Manager, Trust Technology, SGI
    > caseyat_private				voice: 650.933.1634
    > casey_pat_private			Pager: 888.220.0607
    Thanks.  Their project claims to handle such things as audit and C2, but I
    have no personal knowlege one way or the other.
    The claim alone may justify LSM as another project, provided LSM doesn't
    preclude their project.
    I'm glad they are proceding in an LSM+Kernel method.  I believe LSM
    inclusion is a "done deal", with some concerns about the impact of
    excessively opinionated individuals.  I hope that the "core members" will
    respond to kernel developer questions, and "back door" the rest of us, for
    advice and opinion.
    Our solution is much too invasive to propose to the kernel community as an
    "official inclusion", (unless we get good numbers, like 50% or more
    application) but, then again, we're addressing a very specific
    set of needs (without excluding other needs.)  We simply want a Linux that
    is secure for our Customers.  Access-Restrictive may actually be secure,
    but audit filtered through AI makes us more comfortable sleeping at night. 
    We're admins (Consumers (Customers in the way I understood Greg K-H to
    exclude)) of Linux.
    Anyway, Thanks,
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 17:30:42 PST