Re: [PATCH] remove sys_security

Crispin Cowan (crispin@wirex.com)
Fri, 18 Oct 2002 01:00:34 -0700



David S. Miller wrote:

>There is a very important fundamental difference to the USB case.
>It eats zero space in my kernel when I have no USB devices.
>CONFIG_USB=m works as designed!
>
>CONFIG_SECURITY=m still does not exist, so distribution makers have to
>make a y vs. n choice.
>
This was our design goal for LSM: to be as minimally intrusive to the
kernel as possible. We would LOVE to have a zero-footprint solution that
allowed users to enable LSM when they need it. More precisely, LSM is
that mechanism intended to impose as little overhead as possible with no
modules loaded, and provide adequate access to the modules when they are
loaded.

LSM is not zero-footprint, but it is as low as we could make it. We are
interested in ways to reduce the footprint, but that reduction needs to
be looked at in cost/benefit terms: changes that have very little impact
on footprint, but high impact on the functionality of the LSM interface.
If you remove this system call, you will save almost nothing in kernel
resources, but do a lot of damage to functionality.

On the other hand, the complaints about the typing of the arguments are
well taken, in the context of 32/64-bit porting issues. So what types
should the arguments be? Abstractly, they are integers, in the
mathematical sense. What is the preferred word-size-portable way to
express that?

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
