On Wed, 2005-06-15 at 15:49 -0500, [email protected] wrote:
> A long, long time ago, Crispin defined LSM's purpose as:
>
> >> Main goal : we have to design a generic framework to be able to use
> >> better
> >> security policies than the current ones (DAC and capabilities).
> >
> >Sort of. We have to design a generic interface that exports enough
> >kernel
> >functionality to allow security developers to go off and create these
> >better
> >security policy modules.
>
> Since IMA provides support for a new type of security policy,
> specifically remote system integrity verification, I don't see
> where LSM shouldn't necessarily be used.
IMA isn't an access control model. Also, LSM is overkill for its needs
in many ways (IMA only needs a few LSM hooks) and is inadequate in other
ways (LSM lacks a hook needed by IMA for measuring modules, although one
might argue that there could be benefit in adding such a hook to LSM
itself for access control purposes).
> I'm also curious about the current kernel development approach:
> On the one hand, when filesystem auditing was introduced, Christoph
> asked whether inotify and audit should be merged because they hook
> some of the same places. Can someone reconcile these points of view
> for me, please? If Reiner goes ahead and moves the IMA code straight
> into the kernel, does anyone doubt that he'll be asked to merge it
> with LSM?
>
> I'm not pushing one way or the other - I don't care whether IMA is
> an LSM or not :) I just don't understand the current climate.
If you look at the inotify patch, I think that they've moved the dnotify
hooks into a more generic set of fsnotify hooks that are leveraged by
both dnotify and inotify to reduce duplication in the core kernel. The
same approach could be used for hooks that would be co-located by audit
and LSM or by integrity measurement and LSM. Of course, you don't want
to blindly place the integrity measurement hooks at the same locations
if a different placement would be more optimal for your purposes, so
you'd want to give it some thought.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]