Re: c2 (or c2-like) auditing for Linux

From: Seth Arnold (sarnoldat_private)
Date: Wed Jan 29 2003 - 21:35:25 PST

  • Next message: bigat_private: "Re: Sample"

    On Wed, Jan 29, 2003 at 10:34:30PM -0500, Valdis.Kletnieksat_private wrote:
    > We recently had a rework of the LSM code such that it added zero executable
    > unless you asked for LSM in the .config.  Would Linus be more receptive
    > if audit was similarly implemented?
    
    Performance isn't everything. I've heard a bit of reluctance on the
    part of kernel maintainers for the existing LSM hooks; adding dozens of
    new hooks for auditing purposes is a significant amount of new source,
    even if none of it ever makes it to the standard user's compiled kernel.
    
    (To directly answer your question: I think the only way Linus would ever
    consider adding auditing callbacks would be if they made no binary size
    or performance penalties except for those interested in paying the price.)
    
    -- 
    "As we all know by now, the republicans won control of congress, and as
    someone who requires a steady flow of rage to make his living, I couldn't
    be happier." -- Lewis Black
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 21:36:28 PST