Re: Stacker module

From: Wade Yin (
Date: Thu Jun 19 2003 - 01:59:22 PDT

  • Next message: Crispin Cowan: "Re: Stacker module"

    > To support more than one module arbitrarily, you need a stacking module.
    > I developed one (called "stacker") as a proof-of-principle.
    > You can get the "stacker" module as it exists from:
    > However, although I've been monitoring the LSM mailing list,
    > I have _not_ tried to modify "Stacker" to keep it up-to-date,
    > so you'll need to modify it for it to work.
    > I agree with you, there are many cases where stacking makes sense.
    > In particular, I think it'd be helpful to have multiple small
    > modules that store no data - they simply forbid certain suspicious
    > activities.  If a module stores no data, then it's often
    > easy to combine with other things.  For example, imagine modules that:
    > * Forbid creation of files with certain characters (control chars,
    >    leading "-", shell metacharacters like "&").
    > * Forbid creating/linking of files in ways that create temp file
    >    problems (like OWLSM).
    > * Forbid execution of programs not in the root partition.
    > The key thing to making stacking fast is to do funny pointer
    > manipulations so that checking the modules doesn't require
    > grabbing a lock.  Once you do that, checking the modules is
    > simply walking a linked list & calling them - not a zero-cost
    > operation, but I expect it won't be bad.  However, the only
    > real test is to make it work & do a performance measure, something
    > I've never gotten around to doing.
    > Wade Yin: if you want to take over development of a stacker,
    > be my guest.
    Yes, I like to figure it out and do sth for that. Now I'm just doing my
    project here -- try to use some EA attributes to store the security
    infomation of file&program(that's another topic), if I can get time to
    do it(satcker) I will...
    In Multi policy modules,Maybe we should implement some hooks in a stack
    module as a primary module? 
    if any of the policy modules denied the access, the stack module return
    I got many details to try to make them clear now.
    About LSM: Maybe we should let it support other security policy, like
    audit and others,not only for access control? Maybe you got this plan
    already? There is anther project ACL&EA, Mr.Andreas try to save control
    info into extended attributes of inode, I thinks that's a nice idea to
    store all kinds of info, disk has hudge space to save them,but now there
    is only 1 block to use, that's a pity!! Or maybe we can connect this 2
    projects to provide the base framework for some other security policies?
    So many "maybe"s for I'm not sure this project is for or
    just a project for fans. :-)
    Wade Yin
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 02:01:21 PDT