Re: Linux Security Module Framework (Was: LSM conversion tostatic interface)

From: Serge E. Hallyn
Date: Mon Nov 05 2007 - 08:29:24 EST

Next message: Vaidyanathan Srinivasan: "2.6.24-rc1 on PPC64: machine check exception"
Previous message: Jesper Nilsson: "[PATCH] CRIS: Remove MTD_AMSTD and MTD_OBSOLETE_CHIPS"
In reply to: Andrew Morgan: "Re: Linux Security *Module* Framework (Was: LSM conversion to staticinterface)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Andrew Morgan (morgan@xxxxxxxxxx):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter Dolding wrote:
> > On 11/1/07, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >> --- Peter Dolding <oiaohm@xxxxxxxxx> wrote:
> >> Posix capabilities predate SELinux. SELinux is not interested in
> >> Posix capabilities.
> >>
> >>> But no IBM had to do it.
> >> Err, no. It was done by Andrew Morgan back in the dark ages.
> >> Why on earth do you think IBM did it?
> >
> > Posix file capabilities the option to replace SUID bit with something
> > more security safe only handing out segments of root power instead of
> > the complete box and dice like SUID. Even different on a user by user
> > base.
> >
> > Posix capabilites is what Posix file capabilities is based on. Yes I
> > know the words appear close. The word file is important. Please read
> > Website. http://www.ibm.com/developerworks/linux/library/l-posixcap.html
>
> For the record, I think you are both right. I took a stab at it back
> when Casey and I first met:
>
> ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4-fcap/README
>
> all that stuff worked fine it was just a bit ahead of its time...
>
> - From memory, at that point in time "extended attributes" were an
> external patch, and having some trouble getting merged. My sense was
> that EA was a pre-requisite and I was happy to wait for that support to
> become integrated before pushing my file capability support.
>
> In the midst of all this LSM emerged as a reaction to Linus' clear
> unhappiness about all extensions security. I didn't have the time to
> participate in the LSM, and my work sat in the form of these patches.
>
> SELinux at that time existed as a separate infrastructure, and evidently
> did have the time to embrace LSM.
>
> > IBM coders worked and got it into the main line really recently to
> > provide at least some way to avoid fault of SUID of course it could
>
> [...]
>
> So, yes, IBM (Serge) deserve full credit for starting over, and getting
> it merged...

There are still pieces to line up. Note that Andrew Morgan is working
on a patch to make the securebits per-process to make capabilities
more useful as well as a 64-bit capability patch. And the support in
tree to date would be riddled with gotchas without Andrew Morgan's,
Stephen Smalley's, and Casey Schaufler's input.

-serge

(But hey, thanks :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vaidyanathan Srinivasan: "2.6.24-rc1 on PPC64: machine check exception"
Previous message: Jesper Nilsson: "[PATCH] CRIS: Remove MTD_AMSTD and MTD_OBSOLETE_CHIPS"
In reply to: Andrew Morgan: "Re: Linux Security *Module* Framework (Was: LSM conversion to staticinterface)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Re: Linux Security *Module* Framework (Was: LSM conversion tostatic interface)

Re: Linux Security Module Framework (Was: LSM conversion tostatic interface)