Re: Thoughts on the "No Linux Security Modules framework" oldclaims

From: Stephen Smalley
Date: Wed Feb 16 2005 - 08:39:18 EST


On Wed, 2005-02-16 at 08:29, Lorenzo HernÃndez GarcÃa-Hierro wrote:
> Yes, there are many cases that apply to such scenario and context, this
> may be worth to work on, but think it's main shortcoming is that it cuts
> performance and adds further overlapping to the DAC checks, that should
> be the first ones being called (as most times they do) and then apply
> the LSM basis, so, post-processing will be only required if the DAC
> checks get in override or passed, without adding too-much overhead to
> the current behavior.
>
> So, I just agree partially, but yes, maybe modifying the DAC checks
> themselves and add what-ever-else helper function to handle by-default
> auditing in certain operations could be interesting.

Audit is being handled by a separate audit framework, not by LSM. There
is already support in the Linux 2.6 kernel for auditing at syscall exit
(thereby guaranteeing that you capture the final return value in all
cases), with the ability of an LSM to enable such auditing for a
particular event from its hook functions. Further, there is ongoing
work (see the linux-audit mailing list) for a set of audit-related hooks
that will allow auditing based on object identity and the requested mode
separate from any particular LSM.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/