rhys tucker wrote:

> 1. What security configuration does the base kernel have under LSM? Is it nothing or is it the traditional root and others?

It's in between. The traditional "root, user-ID, mode bits" is still in the kernel, but the (somewhat less traditional) POSIX.1e "capabilities" or "privs" stuff has been removed and made an LSM module.

The "restrictive vs. authoritative" debate (which you might find in the archives :-) is about whether an LSM module may over-ride the kernel's built-in root/user/mode bits decisions:

* Restrictive: if the kernel says "no" to an access, then that's the end, and the answer is "no". If the kernel says "yes" then the module gets to over-ride and say either "yes" or "no".

* Authoritative: the kernel computes its answer and passes it to the module as an advisory opinion. The module then makes the final "yes/no" determination.

> 2. The LKM mechanism has a dummy LKM representing the statically-linked base kernel. Is LSM's initial module intended to be the first loaded module after this dummy LKM?
>
> 3. What does LSM's initial LKM achieve?

Dunno about these. Either read the source, or wait for someone closer to the source to answer your question.

> 4. How are system-calls affected? How many additional system calls are implemented in the base kernel for LSM support? Do LSM modules implement more system-calls?

LSM does not directly mediate system calls. The architecture is intended to mediate access to internal kernel objects, e.g. process taskblocks, inodes, etc.

LSM implements one additional system call. If the module wants more than one system call, then the module is responsible for multiplexing its functionality through that one syscall.

Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
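The restrictive and authoritative composition rules described in the reply above, modelled in C as an added example (not code from the LSM project or from this thread); the DAC stand-in, the sample module policy, BACKUP_UID and the protected_obj label are constructed assumptions:

```c
#include <errno.h>
#include <stdbool.h>

#define BACKUP_UID 500   /* constructed: user-ID of a backup service */

/* One access request against a kernel object (constructed model; no group bits). */
struct access {
    int uid;            /* requesting user */
    int owner;          /* object owner */
    unsigned mode;      /* traditional mode bits, e.g. 0600 */
    bool write;         /* write (true) or read (false) */
    bool protected_obj; /* module-private label the base kernel knows nothing about */
};

/* LSM hook convention: 0 = allow, negative errno = deny. */
typedef int (*lsm_hook_fn)(const struct access *a, int dac_result);

/* Stand-in for the kernel's built-in root/user-ID/mode-bit decision. */
static int kernel_dac_check(const struct access *a)
{
    unsigned bits = (a->uid == a->owner) ? (a->mode >> 6) : (a->mode & 7);
    unsigned need = a->write ? 2 : 4;
    if (a->uid == 0 || (bits & need))
        return 0;
    return -EACCES;
}

/* Constructed sample module policy: root may not write protected objects,
 * and the backup user may read anything regardless of mode bits. */
static int sample_hook(const struct access *a, int dac_result)
{
    if (a->write && a->protected_obj)
        return -EPERM;
    if (!a->write && a->uid == BACKUP_UID)
        return 0;
    return dac_result;   /* otherwise defer to the kernel's answer */
}

/* Restrictive: a kernel "no" is final; the module only ever sees a kernel "yes". */
int restrictive_decision(const struct access *a, lsm_hook_fn hook)
{
    int dac = kernel_dac_check(a);
    return dac ? dac : hook(a, dac);
}

/* Authoritative: the kernel's answer is advisory; the module makes the final call. */
int authoritative_decision(const struct access *a, lsm_hook_fn hook)
{
    return hook(a, kernel_dac_check(a));
}
```

With this policy, a read by BACKUP_UID of a root-owned 0600 file is denied under restrictive composition but allowed under authoritative, while a root write to a protected object is denied under both.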
This archive was generated by hypermail 2b30 : Sat Nov 24 2001 - 14:21:27 PST