Re: [PATCH] remove sys_security

Crispin Cowan (crispin@wirex.com)
Fri, 18 Oct 2002 00:04:00 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: george anzinger: "[PATCH 2/2] High-res-timers part 2 (x86 platform code) take 6"
Previous message: Osamu Tomita: "RE: [PATCH][RFC] add support for PC-9800 architecture (20/26) ser"
Maybe in reply to: Christoph Hellwig: "[PATCH] remove sys_security"
Next in thread: Crispin Cowan: "Re: [PATCH] remove sys_security"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC84BE6F65036E67936B49E99
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Christoph Hellwig wrote:

>On Thu, Oct 17, 2002 at 01:10:31PM -0700, Greg KH wrote:
>
>
>>>>How would they be done differently now? Multiple different syscalls?
>>>>
>>>>
>>>Yes.
>>>
>>>
>>Hm, in looking at the SELinux documentation, here's a list of the
>>syscalls they need:
>> http://www.nsa.gov/selinux/docs2.html
>>
>>That's a lot of syscalls :)
>>
>>
>I know. but hiding them doesn't make them any better..
>
Actuall, yes it does, and that is the point. You don't have to like
SELinux's system calls, or any other module's syscalls. The whole point
of LSM was to decouple security design from the Linux kernel development.

There are a butt-load of different access control models, and many of
them are not compatible with one another. You wouldn't want to support
them all--that would be serious bloat. So instead, LSM lets each user
choose the model that suits them:

* server users can choose a highly secure model
* workstation users can choose something desktop oriented
* embedded people can choose nothing at all, or the specific
narrow-cast model that they need

On the other hand: what is the big cost here? One system call. Isn't
that actually *lower* overhead than the (say) half dozen
security-oriented syscalls we might convince you to accept if we drop
the sys_security syscall as you suggest? Why the fierce desire to remove
something so cheap?

Crispin

-- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html

--------------enigC84BE6F65036E67936B49E99 Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9r7Jp5ZkfjX2CNDARAQdaAJ4h2wU6j66EGH1kjPoP4nfNd8U5TQCfS0rP d7GrvMlnI2gOz1WIZGqnD1w= =a9fm -----END PGP SIGNATURE-----

--------------enigC84BE6F65036E67936B49E99--

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: george anzinger: "[PATCH 2/2] High-res-timers part 2 (x86 platform code) take 6"
Previous message: Osamu Tomita: "RE: [PATCH][RFC] add support for PC-9800 architecture (20/26) ser"
Maybe in reply to: Christoph Hellwig: "[PATCH] remove sys_security"
Next in thread: Crispin Cowan: "Re: [PATCH] remove sys_security"