Re: kernel stack challenge

From: Timothy Miller
Date: Mon Apr 05 2004 - 17:15:42 EST

Next message: Andrew Morton: "Re: Cleanup & (partly?) support swsusp for aic7xxx"
Previous message: Timothy Miller: "Re: kernel stack challenge"
In reply to: Randy.Dunlap: "Re: kernel stack challenge"
Next in thread: Sergiy Lozovsky: "Re: kernel stack challenge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sergiy Lozovsky wrote:

--- Timothy Miller <miller@xxxxxxxxxxxxxx> wrote:

Sergiy Lozovsky wrote:

All LISP errors are incapsulated within LISP VM.

A LISP VM is a big, giant, bloated.... *CHOKE*
*COUGH* *SPUTTER* *SUFFOCATE* ... thing which SHOULD NEVER be in the
kernel.

It is a smallest interpreter (of all purpose language)
I was able to find. My guess is that you refer to the
Common Lisp. it is huge and I don't use it.

Did you separate out the parser out into a user-space daemon?

Also, if you want a regular programming language with an extremely small interpreter, try Forth.

Learning Forth should be at LEAST as much fun as learning LISP.

If you want to use a more abstract language for
describing kernel security policies, fine. Just don't use LISP.

Point me to ANy langage with VM around 100K.

I bet a Forth interpreter would be smaller.

And for something specialized like security policy, you could probably develop your own language and interpreter for it, and it would be smaller (and faster) still.

The right way to do it is this:

- A user space interpreter reads text-based config
files and converts them into a compact, easy-to-interpret code used by
the kernel.

- A VERY TINY kernel component is fed the security
policy and executes it.

it is exactly the way it is implemented. Not everyone
need to create their own security model (that VERY
TINY kernel component you refer to). But even for
those who want to modify or create their own VERY TINY
kernel component - they don't need to do that in C and
debug it in th kernel crashing it.

You misunderstand. When I say "VERY TINY kernel component", I'm referring to the interpreter. Done properly, the pcode for the policy itself would be microscopic.

Move as much of the processing as reasonable into
user space. It's absolutely unnecessary to have the parser into the
kernel, because parsing of the config files is done only when the
ASCII text version changes.

It's absolutely unnecessary to have something as
complex as LISP to interpret it, when something simple and compact
could do just as well.

Why do you choose LISP? Don't you want to use a
language that sysadmins will actually KNOW?

It was is) the smallest VM I know of.

Forth.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: Cleanup & (partly?) support swsusp for aic7xxx"
Previous message: Timothy Miller: "Re: kernel stack challenge"
In reply to: Randy.Dunlap: "Re: kernel stack challenge"
Next in thread: Sergiy Lozovsky: "Re: kernel stack challenge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]