Re: kernel stack challenge
From: Timothy Miller
Date: Mon Apr 05 2004 - 16:14:04 EST
Sergiy Lozovsky wrote:
All LISP errors are incapsulated within LISP VM.
A LISP VM is a big, giant, bloated.... *CHOKE* *COUGH* *SPUTTER*
*SUFFOCATE* ... thing which SHOULD NEVER be in the kernel.
If you want to use a more abstract language for describing kernel
security policies, fine. Just don't use LISP.
The right way to do it is this:
- A user space interpreter reads text-based config files and converts
them into a compact, easy-to-interpret code used by the kernel.
- A VERY TINY kernel component is fed the security policy and executes it.
Move as much of the processing as reasonable into user space. It's
absolutely unnecessary to have the parser into the kernel, because
parsing of the config files is done only when the ASCII text version
changes.
It's absolutely unnecessary to have something as complex as LISP to
interpret it, when something simple and compact could do just as well.
Why do you choose LISP? Don't you want to use a language that sysadmins
will actually KNOW?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/