On Fri, Dec 27, 2002 at 02:53:03PM -0800, Crispin Cowan wrote:
> You're right; benchmarking OWLSM would be a worthwhile effort.
>
> My claim that it is performance neutral is based on the architecture,
> not examining the code. OWLSM imposes some very simplistic policies
> system-wide, e.g. root processes cannot follow sym links under certain
> conditions. These policies don't require significant lookups, and thus
> the logic should be pretty trivial and fast.
>
> Therefore, I conjecture that OWLSM imposes very small overheads at the
> micro-level, and no measurable overhead at the macro level.
<translating>
- I haven't even glanced at the OWLSM code, but in theory it should
have no overhead at all, anyone want to verify this?
</translating>
<summary>
You can take the professor out of the college, but you can't make him
stop acting like he's still there.
</summary>
:)
(sorry, I couldn't resist...)
> <stirring up the hornet's nest>
>
> * Greg: what parts of Stacker did you find that looked slow?
> * David: assuming Greg comes up with concrete complaints, what is
> your rebuttal?
Nice try, but honestly, I don't really care about the stacker module.
Any module that I care about will just use the capabilities code
directly, just like the current owlsm and root_plug modules do.
But I can see how it would be a neat research project, and as such, do
not see a problem with it being slow :)
thanks,
greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:42:25 PST