Re: [PATCH] remove sys_security

From: Crispin Cowan (crispinat_private)
Date: Fri Oct 18 2002 - 01:00:34 PDT

    David S. Miller wrote:
    
    >There is a very important fundamental difference to the USB case.
    >It eats zero space in my kernel when I have no USB devices.
    >CONFIG_USB=m works as designed!
    >
    >CONFIG_SECURITY=m still does not exist, so distribution makers have to
    >make a y vs. n choice.
    >
    This was our design goal for LSM: to be as minimally intrusive to the 
    kernel as possible. We would LOVE to have a zero-footprint solution that 
    allowed users to enable LSM when they need it. More precisely, LSM is 
    that mechanism intended to impose as little overhead as possible with no 
    modules loaded, and provide adequate access to the modules when they are 
    loaded.
    
    LSM is not zero-footprint, but it is as low as we could make it. We are 
    interested in ways to reduce the footprint, but that reduction needs to 
    be looked at in cost/benefit terms: changes that have very little impact 
    on footprint, but high impact on the functionality of the LSM interface. 
    If you remove this system call, you will save almost nothing in kernel 
    resources, but do a lot of damage to functionality.
    
    On the other hand, the complaints about the typing of the arguments are 
    well taken, in the context of 32/64-bit porting issues. So what types 
    should the arguments be? Abstractly, they are integers, in the 
    mathematical sense. What is the preferred word-size-portable way to 
    express that?
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    




    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 01:02:17 PDT