Re: Willing to change LSM so secondary defaults correct

• Previous message: dwheelerat_private: "Re: Having trouble setting up 2.5.52-lsm1... suggestions?"
• Maybe in reply to: David Wheeler: "Willing to change LSM so secondary defaults correct"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Crispen:
> David: assuming Greg comes up with concrete complaints,
> what is your rebuttal?

I'm not sure what you're asking, but I'll try to reply anyway.
The two main issues that Greg has raised are:
(1) modules won't promise to work with arbitrary other modules, and
(2) any stacker will (probably) be slow.

For the first point, I agree with Greg; I don't expect modules to
promise to work with all other modules.  I instead expect that either
(a) module writers will list specific other modules that they will work with
(creating a "closed club"), or (b) administrators will have to make
the determination of whether or not modules can be combined, at their risk.
For (b), I think that there are many useful special cases where
modules _CAN_ be shown to work together that it's worth doing.
E.G., if you can have special-case modules that only prohibit certain
dangerous actions, and don't use the security blobs, there's a
a better chance of them working together.  There's no guarantee.
E.G., the owlsm /tmp file stuff should combine well with many other
security policies.

The second point is a valid concern.
This was especially a problem in my first version of the stacker,
which invoked a lock on every hook invocation (ouch!!).
However, things have gotten better; by default the latest version only
locks when a new LSM module is inserted; otherwise it just walks a linked list
and calls functions in the list. In theory, it SHOULD be relatively cheap
(yes, there are instruction cache issues, but still...).

However, as Greg says:
>The last time I looked at the "stacking module" it looked like it had
>the potential to greatly slow down things, but running real benchmarks
>would be the only way to tell this.

And I completely agree with Greg; benchmarks are the ONLY valid way to
really answer the question.


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen D. Smalley: "Re: [patch] Hook for d_instantiate"
• Previous message: dwheelerat_private: "Re: Having trouble setting up 2.5.52-lsm1... suggestions?"
• Maybe in reply to: David Wheeler: "Willing to change LSM so secondary defaults correct"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Dec 29 2002 - 10:52:09 PST