Re: How will LSM evolve?

• Previous message: Charles Levert (LMC): "How will LSM evolve?"
• In reply to: Charles Levert (LMC): "How will LSM evolve?"
• Next in thread: Crispin Cowan: "Re: How will LSM evolve?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hi.
>
> After a discussion with my colleagues today, I wondered about the
> following.  The kernel evolves all the time.  There will always be
> patches available for it; some will be integrated, but others will
> appear.  Assume that, e.g., the IPSec functionality from FreeS/WAN
> would already be in the standard 2.4 kernel from which the LSM effort
> was started.  Further assume that, were that the case, there would
> have been one or more LSM hooks in that IPSec code.
>
> Now, the reality is that IPSec is still a patch.  If, as is the plan,
> LSM is integrated in the standard kernel, and if, later, the IPSec code
> were also to be merged in with new hooks, what would be the consequences:
> -- for existing object modules ?
> -- for existing source modules (simple recompilation, or more)?
>
> What will be the general instructions for producing patches that want
> to add new hooks?  In other words, how will LSM evolve once it's in
> the standard kernel?  What will be the issues?

IPSec is a _BAD_ example. It's not well written IMHO (only works for i386 if
memory serves.... that's pretty lame) in fact they are using a code base
several years old that they probably should have thrown out and started
fresh, but haven't. Very few vendors have integrated it into the kernel's
they ship (for example Red Hat ships CIPE rather then FreeSWAN, that should
tell you something right there).

LSM OTOH has been designed and written with kernel integration in mind, and
while Linux kernel changes may break it (for example if they rip out the VM
system _again_) but it'll get fixed. And vendors will test it to make sure
it works, realistically most users now run vendor supplied kernels, so it's
much less of an issue then it used to be.

>
> Thanks.
>
>
> Charles




Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Crispin Cowan: "Re: How will LSM evolve?"
• Previous message: Charles Levert (LMC): "How will LSM evolve?"
• In reply to: Charles Levert (LMC): "How will LSM evolve?"
• Next in thread: Crispin Cowan: "Re: How will LSM evolve?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 13:53:37 PDT