Re: c2 (or c2-like) auditing for Linux

From: Seth Arnold (sarnoldat_private)
Date: Wed Jan 29 2003 - 21:35:25 PST

  • Next message: bigat_private: "Re: Sample"

    On Wed, Jan 29, 2003 at 10:34:30PM -0500, Valdis.Kletnieksat_private wrote:
    > We recently had a rework of the LSM code such that it added zero executable
    > unless you asked for LSM in the .config.  Would Linus be more receptive
    > if audit was similarly implemented?
    Performance isn't everything. I've heard a bit of reluctance on the
    part of kernel maintainers for the existing LSM hooks; adding dozens of
    new hooks for auditing purposes is a significant amount of new source,
    even if none of it ever makes it to the standard user's compiled kernel.
    (To directly answer your question: I think the only way Linus would ever
    consider adding auditing callbacks would be if they made no binary size
    or performance penalties except for those interested in paying the price.)
    "As we all know by now, the republicans won control of congress, and as
    someone who requires a steady flow of rage to make his living, I couldn't
    be happier." -- Lewis Black

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private

    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 21:36:28 PST