Re: c2 (or c2-like) auditing for Linux

From: Chris Wright (chrisat_private)
Date: Wed Jan 29 2003 - 22:39:34 PST

  • Next message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"

    * Seth Arnold (sarnoldat_private) wrote:
    > On Wed, Jan 29, 2003 at 10:34:30PM -0500, Valdis.Kletnieksat_private wrote:
    > > We recently had a rework of the LSM code such that it added zero executable
    > > unless you asked for LSM in the .config.  Would Linus be more receptive
    > > if audit was similarly implemented?
    > Performance isn't everything. I've heard a bit of reluctance on the
    > part of kernel maintainers for the existing LSM hooks; adding dozens of
    > new hooks for auditing purposes is a significant amount of new source,
    > even if none of it ever makes it to the standard user's compiled kernel.
    I agree.  It's not just runtime overhead that's a concern, but also
    source code maintainability.
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 22:41:21 PST