Crispin Cowan wrote: > LSM *never* had any hostility towards audit. Err, that's NOT what it looked like from this end! > Rather, *Linus* is hostile towards audit, and LSM (by > necessity) exists at Linus' pleasure. My belief is that Linus is hostile to the all intrusive audit (referenced below) that serves no other purpose. This was a good incentive to suggest LSM, and was one of it's instigators. That LSM does not make the audit problem go away inplies to me that it's not as successful as it could have been. > Persuade Linus that it is > worth-while to add features to LSM that exist only to support C2-like > audit, and I would be happy to add the hooks. As far as I can tell, no > one else in the LSM community is hostile, either, we just chose not to > fight that battle with Linus for you. Good point, and I understand that the desire to have an LSM that meets those other needs should not be held back by a known worst case sort of feature. > Caveat: adding fully compliant C2 audit hooks to LSM is very intrusive. > IIRC, it requires roughly six times the number of file system hooks as > the present implementation. The issue is that LSM hooks just ahead of > actually granting access, and C2 requires hooks that detects attempts to > access that will fail for non-security reasions. Detecting those cases > is hard, because the Linux kernel short-circuits such error cases and > returns failure before getting to the LSM hooks. Yup. > Don't blame me if/when Linus shows you the door, and *defintely don't* > tell Linus that I said he should accept audit :-) Awe. No, I don't blame anyone. It's completely reasonable that those who back a cause should fight for it, banding with allies where it's mutually benifitial and accepting when they differ. > >Our own efforts have been sidetracked by our need to get > >the Altix 3000 to market, with any luck we should be able > >to get back in the swing of things sometime soon. Direct > >kernel integration is what LSM was slated to avoid, so do > >try to use it. We'll be looking at Snare real soon. > > > I agree with that: please try to use LSM for as much audit as you can. > It is both interesting science and practical utility to see how much > audit can be done with the existing LSM. We have got a "pretty close" audit for LSM. We don't yet have approval to release it. LSM has moved a bit since we last touched the audit code, and it our own fault that we're out of sync. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 877.557.3184 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 16:52:29 PST