Re: kernel stack challenge

From: Sergiy Lozovsky
Date: Tue Apr 06 2004 - 13:09:25 EST



--- Horst von Brand <vonbrand@xxxxxxxxxxxx> wrote:
> Sergiy Lozovsky <serge_lozovsky@xxxxxxxxx> said:
> > --- John Stoffel <stoffel@xxxxxxxxxx> wrote:
> > > >>>>> "Sergiy" == Sergiy Lozovsky
> > > <serge_lozovsky@xxxxxxxxx> writes:
>
> [...]
>
> > UNIX security policy is already implemented in the
> > Kernel,
>
> Basic mechanism, not policy.

In case of VXE even mechanism is not stored inside the
kernel! This was the main goal - not to store(encode)
security model (mechanism) in the kernel. In VXE it is
loadable as well as particular security policy. It
loads on demand (during the start of subsystem) and
unloads when subsystem ends it work.

When susbsytem doesn't run - model and policy are
stored as a file.

VXE allow to preload model and policy if that is
desired, but it's just one of the options.


>
> Policy has no place inside the kernel.

Root privileges (ability to send a signal to any
process, access any file and so on) are encoded in the
kernel.

> [...]
>
> > > Then *WHY* does the LISP interpreter need to be
> in
> > > the kernel in the
> > > first place? Hint, you just said you wanted to
> > > protect the kernel...
> >
> > All LISP errors are incapsulated within LISP VM.
>
> They aren't. A bad kprintf(), or a call to the wrong
> function inside the
> kernel, or fiddling with the wrong data structure,
> and you are toast.

No. LISP program can't call kprintf. Only VM can. LISP
program prints information into string buffer of
limited size and VM uses snprintf for that. When
buffer is full or there is \n - VM calls kprintf.

So all interaction with the kernel goes via VM.
Investing some time into carefull parameter check in
VM allows to avoid the same work for each new
application.

VM is not 100% foolproof - I don't claim that, but it
reduces problems which a new application (within the
kernel) can cause.

Serge.

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/