Re: OLS Bof info

• Previous message: richard offer: "Re: OLS Bof info"
• In reply to: richard offer: "Re: OLS Bof info"
• Next in thread: Valdis.Kletnieksat_private: "Re: OLS Bof info"
• Next in thread: Chris Wright: "Re: OLS Bof info"
• Reply: Valdis.Kletnieksat_private: "Re: OLS Bof info"
• Reply: richard offer: "Re: OLS Bof info"
• Reply: Lachlan McIlroy: "Re: OLS Bof info"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

richard offer wrote:

> * chrisat_private at '7/2/02 12:54 PM -0700'
> * No, we don't want this.  Kernel subsystems are particular to kernel
> * version.  If you have these needs you are porting to kernel version Z.
>
> So we should make it clear for module writers that LSM version X on 
> 2.4 may have a different set of hooks than LSM version X on 2.5... 

I think you guys are talking at cross-purposes.

    * Chris is saying that modules should be compiled precisely for the
      kernel they are going into. Linux has never supported anything
      else. If a slightly newer kernel loads an older module without
      complaint, it is purely good fortune, but not supported.
    * Richard is concerned that the 2.4 and 2.5 API's will diverge. That
      is not the intent. We DO intend to keep the 2.4 and 2.5 LSM APIs
      consistent. If anything, broad release of a 2.4 version should
      wait until the 2.5 version is "settled", so that it won't change
      too rapidly once the 2.4 version is released.

What this discussion is REALLY about is "safe" stub filling:

    * LSM has 150+ functions to populate. They *all* have to be
      populated, which can be tedious if you only want to mediate a few
      hooks.
    * Brute force solution: make the module programmer do it by hand.
    * Semi-automatic solution: some kind of mechanism that populates all
      of the stubs that you didn't fill in yourself.

*Risk:* what if the kernel adds a new hook, and you (module writer) 
don't notice? And it's important to your security model, i.e. Chris adds 
the "kick Richard's module in the nads? Y/N" hook :) and Richard doesn't 
notice.

    * with the "manual fill" method, Richard's module won't
      compile/load, so he'll notice
    * with the auto method, Richard may well "port" is module to the new
      interface and not notice the new critical issue :)

Crispin, who's just having fun with the personal pronouns and doesn't 
really mean anything by it :)

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: OLS Bof info"
• Previous message: richard offer: "Re: OLS Bof info"
• In reply to: richard offer: "Re: OLS Bof info"
• Next in thread: Valdis.Kletnieksat_private: "Re: OLS Bof info"
• Next in thread: Chris Wright: "Re: OLS Bof info"
• Reply: Valdis.Kletnieksat_private: "Re: OLS Bof info"
• Reply: richard offer: "Re: OLS Bof info"
• Reply: Lachlan McIlroy: "Re: OLS Bof info"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 13:59:38 PDT