On Mon, Nov 05, 2001 at 05:13:47PM -0800, Casey Schaufler wrote: > Unless the branch is the official Phase II. We believe that would > address all of the issues We can think of from my side. We expect > it would raise a bunch elsewhere, and that's fair. I think such a 'phase 2' repository can be made to work. Most of the reasons to avoid opening up this phase 2 repository revolve around one simple fact: we really have no idea what will make it into the linux kernel in 'phase 1'.[1] This is where the real value of getting a jump-start on phase 2 could lie; rather than trying to closely track phase 1 with the exception of being authoritative, it could try to be the 'right' solution, for some value of 'right'. It could be something along the lines of reducing all security checks to operations on security* blobs, similar to: operation_allowed(S_PTRACE, ptracing_task->security, ptracee_task->security); Where the security blobs would include all relevant information. Or, heck, take gregkh's advice and turn everything into a filesystem. Then, kernel operations could check the contents of files such as security_namespace:/open/proc/inode or security_namespace:/ptrace/ptracing_task/ptracee_task to allow or disallow this operation. (Though, I'm sure gregkh would chime in, "the kernel shouldn't be reading files", so lets be clear that this half-baked idea is mine -- "use a filesystem" is gregkh's refrain for interacting with userspace. :) In short -- use the vagueness of the final form of phase 1 as a starting point for phase 2's work, rather than allow the nebulous nature of unaccepted code be a restraint. My only concern is that it might seem highly presumptious to start phase 2 while phase 1 is still far from a done deal. However, I think we've pointed out often enough that LSM is far from being a done deal, so as long as any accouncements of a phase 2 repository are couched in the language of, "this is what we would *really* like to see in the linux kernel in the long run" rather than, "we got our foot in the door, time for our Evil Plan For World Dominiation", I think we wouldn't upset too many people. :) -- sarnold, hoping he didn't start Yet Another Flamewar^WEndless Discussion On The Form Of The Hooks [1]: Including the possibility that perhaps the only piece we only get in could be the system call. -- The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact your congressman for details how *you* can buy one today! _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 13:52:48 PST