Hi,

I want to update the LSM community with the current status of LSM hook revalidation using our runtime analysis tool. I have done the following things:

-- regression test on results between 2.4.16 and 2.4.19
-- done fairly detailed examination of networking results for missing hooks on 2.4.19
-- got partway through port of 2.5.26

I generated analysis logs of system calls, LSM checks, function calls, and controlled operations (ops on inode, file, task, superblock, socket, skb, sock) for 2.4.16 and 2.4.19. Our analysis tool automatically finds the differences between the 2.4.16 and 2.4.19 logs for regression.

In the file system, results are identical except for the occasional additions of fields. I have to augment the tool to do a proper analysis of mmap2, but otherwise the 2.4.19 file system is consistent with 2.4.16.

We had not done a detailed analysis of the network subsystem hooks yet, so I also did that. The socket hooks are placed at a higher level than the file system hooks, so in general these objects (sockets and socks) are always authorized. The receiving sock can be authorized by receive skb. I cannot yet test the management of security information through skbuffs (receive, alloc, free). Overall things look good here although I'd like to have a better sense of what operations should be associated with which system calls -- I'll have to think about how to do this better...

The networking data is unstable with respect to our analysis output, so at present regression testing for the network is not very useful. This may not mean anything to anyone but me, but the bottom line is I'll have to work on making network regression testing automatic.

Porting of our analysis tool from 2.4 to 2.5.26 is not yet complete. Many of the patched changes we need to instrument the kernel had to be changed for 2.5. I have built and booted an instrumented 2.5.26 kernel, but logging does not work properly yet.
I have to do some other things, so I won't be able to get back to this for two or three weeks. I presume that this is the case that is ultimately of interest, so I'll try to report back in mid-Sept.

Regards,
Trent.

----------------------------------
Trent Jaeger
IBM T.J. Watson Research Center
19 Skyline Drive
Hawthorne, NY 10532
jaegertat_private
(914) 784-7225, FAX (914) 784-7595

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 11:08:35 PDT