Re: [PATCH] remove sys_security

Crispin Cowan (crispin@wirex.com)
Mon, 21 Oct 2002 14:12:50 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Morton: "Re: ZONE_NORMAL exhaustion (dcache slab)"
Previous message: Michael Thorpe: "FusionMPT in 2.4.18"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig82E27E025063FB50546F4CBD
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Alan Cox wrote:

>On Thu, 2002-10-17 at 21:10, Greg KH wrote:
>
>
>>Ok, I think it's time for someone who actually cares about the security
>>syscall to step up here to try to defend the existing interface. I'm
>>pretty sure Ericsson, HP, SELinux, and WireX all use this, so they need
>>to be the ones defending it.
>>
>>
>The existing interface is basically the one Linus asked for, although
>perhaps with a little less thought on the structure side than it would
>have benefitted
>
The intent behind the syscall interface was that it needed to be generic
enough to support the 50+ syscalls that SELinux wants, and also be
generic enough to support potential modules that have not been invented
yet. That's why it is a MUX, and why the signature definition is enough
to deal with stacked modules and then pass a generic argv list to the
module itself.

Unfortunately, this design goal (highly generic interface) is
incompatible with the 32/64 bit transparancy layer that several
supported architectures need. As Christoph says, this is unfixable.
IMHO, it is unfixable because of conflicting design goals: you cannot
have a truly generic syscall interface and hope for it to port clean
from 32 bits to 64 bits.

Therefore, the sys_security syscall has been removed. LSM-aware
applications that want to talk to security modules can do so through a
file system interface. This will work for WireX, and Smalley says it
will work for SELinux. I hope it will work for others.

Again, my thanks for eveyone's help in cleaning up this issue, and my
apologies to anyone I may have offended. We should have thought about
the 32/64 bit issue when we defined that interface. Kudos to Greg K-H,
who told me that this syscall would be a problem.

Thanks,
Crispin

--------------enig82E27E025063FB50546F4CBD
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9tG3b5ZkfjX2CNDARASNdAKCwdQvWx7puvMaDoBenNjVjnTyDJACdEPj0
anA1Ri+pl+hLuSROSHPbdko=
=GXuV
-----END PGP SIGNATURE-----

--------------enig82E27E025063FB50546F4CBD--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: ZONE_NORMAL exhaustion (dcache slab)"
Previous message: Michael Thorpe: "FusionMPT in 2.4.18"