Re: [RFC] LSM changes for 2.5.38

From: Alan Cox (alanat_private)
Date: Wed Oct 02 2002 - 16:07:59 PDT

  • Next message: Olaf Dietsche: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"

    On Wed, 2002-10-02 at 23:55, Seth Arnold wrote:
    > We've said on this list a few times that it is important for security
    > module authors to understand the implications of their decisions.
    > Deciding to not mediate module parameters is a valid decision. Deciding
    > to mediate module parameters is a valid decision. One requires very
    > little thought and sidesteps the matter entirely. The other requires
    > quite a bit of thought and is difficult to get right -- but that is not
    > a problem for LSM, per se; it is for the authors of security modules.
    
    In many cases I disagree. Garbage in - garbage out. That goes for
    security policy decisions as well as the revenue. The security modules
    must get data that is sufficient to make the decision, locked correctly
    and with a defined scope and lifespan.
    
    For example passing an ascii path without thought is useless because you
    would race name lookups against things like symlinks. The same goes for
    audit stuff which is one of the reasons snare needs a lot of work yet
    
    
    Alan
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 16:01:34 PDT