In the process of actually WRITING a primary module for stacking other modules, I think I've identified a weakness in the current LSM interface involving sys_security. Luckily, I can think of at least two ways to solve it; they're both fairly simple, but they DO involve a change in the interface. Hopefully, I can convince everyone that it's a SMALL change and that it really is the cleanest solution. Here's the problem: under the current interface, if there is a master "stacking" module with other modules underneath it, and a call to sys_security is made intending to contact a specific stacked module, there's no way to always return the correct return value from the module that was SUPPOSED to have been contacted. This is because the master "stacking" module has no way to know which LSM module should be called when it's given an id. It can call all of them, but all of them will return a value... and now, which return value should the master stacking module return? It can just "return the first error", or "return anything that isn't -EPERM or -ENOSYS", but this isn't correct. After all, sys_security might return something OTHER than an error code (e.g., a bitmask or a pointer-fitting-in-an-int), or perhaps one of the unintended modules returns a value that gets selected by the master module. The master module could recompute an id from the name if the id follows the hashing convention, but now suddenly an MD5 implementation has to embedded in every master module just to perform this simple action. This is especially silly since the individual modules already know their id's; it's criminal to recompute what the requestor already knows! The problem is that the master module isn't getting the information. The master module could include a special inteface for separately sending this information. But now you have a complicated protocol that perhaps not all master modules support, to send really simple information. There are better ways to solve this, thankfully. Thus, it would be REALLY HELPFUL for stacking modules if the security_ops structure or mod_reg_security parameters also included the id of the LSM module being inserted. Then the master module would know which module to call when it gets a sys_security() call with a given id. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 21:23:45 PDT