Re: c2 (or c2-like) auditing for Linux

• Previous message: Valdis.Kletnieksat_private: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Seth Arnold: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Reply: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Seth Arnold (sarnoldat_private) wrote:
> On Wed, Jan 29, 2003 at 10:34:30PM -0500, Valdis.Kletnieksat_private wrote:
> > We recently had a rework of the LSM code such that it added zero executable
> > unless you asked for LSM in the .config.  Would Linus be more receptive
> > if audit was similarly implemented?
> 
> Performance isn't everything. I've heard a bit of reluctance on the
> part of kernel maintainers for the existing LSM hooks; adding dozens of
> new hooks for auditing purposes is a significant amount of new source,
> even if none of it ever makes it to the standard user's compiled kernel.

I agree.  It's not just runtime overhead that's a concern, but also
source code maintainability.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• Previous message: Valdis.Kletnieksat_private: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Seth Arnold: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Reply: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 22:41:21 PST