Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Michael Stone <michael <at> laptop.org>
Subject: A basic question about the security_* hooks
Newsgroups: gmane.linux.kernel.lsm
Date: Thursday 24th December 2009 02:29:02 UTC (over 8 years ago)
Dear kernel folks,

There are a variety of places where I'd like to be able to get the kernel
to
return EPERM more often [1]. Many of these places already have security
hooks.

Unfortunately, I don't feel that I can make effective use of these hooks
because they seem to be "occupied" by the large mandatory access control
frameworks.

I'm hoping that you can tell me why this state of affairs persists.

More specifically, now that LSMs are statically linked, why is it good for
the
security hooks to call into a single monolithic "security_ops" struct
instead
of cheaper and simpler alternatives?

In particular, what would be worse about a kernel in which each security
hook
contained nothing but conditionally-compiled function calls to the
appropriate
"real" implementation functions with early-exit jumps on non-zero return
codes?

Thanks,

Michael

[1]: Two examples include my recent network-privileges patches and Eric
Biederman's suggestions on how to make unprivileged unshare(CLONE_NEWNET)
safe.
I have little doubt that I'd think of more if I thought that the security
hooks
were accessible to me.
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms