Re: kernel stack challenge

From: Sergiy Lozovsky
Date: Mon Apr 05 2004 - 16:48:14 EST



--- Chris Wright <chrisw@xxxxxxxx> wrote:
> * Sergiy Lozovsky (serge_lozovsky@xxxxxxxxx) wrote:
> > No :-) What you suggest is kernel should receive
> > system call from user space. Instead of handling
> it -
> > kernel should forward it back to userspace, than
> it
> > should be forwarded back to the kernel. Looks not
> very
> > nice to me. Why not to handle security policy
> inside
> > the kernel as it is done for the file permissions
> and
> > root priveleges?
>
> All this can be done w/out having a LISP
> interpretter coming along for the
> ride, that's the point of the other posters. With
> LSM you have a
> framework for implementing your own security model
> and enforcing your own
> policies.

LSM use another way of doing similar things :-) I'm
not sure that it is nice to forward system calls back
to userspace where they came from in the first place
:-) VXE use high level language to create security
models.

And what are the problems with technology used by VXE?
File permissions are checked in the kernel and
everybody are happy with that. VXE just extends
security features already available in the kernel.

There is a historic part to all that, too - VXE was
created (1999) before SELinux was available.

Serge.

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/