Re: [RFC][PATCH] Extended Attributes for Security Modules

richard offer (offer@sgi.com)
Tue, 15 Apr 2003 09:58:04 -0700


* frm sds@epoch.ncsc.mil "04/15/03 09:41:48 -0400" | sed '1,$s/^/* /'
*
*
* Note that LSM intentionally does not provide any mechanism itself for
* sharing the security fields of the kernel data structures. Stacking has
* to be handled by the principal security module.

I see modules as empheral, but attritbutes as permanant. If I'm running one
LSM module, I reboot and use a different LSM module, what happens to the
attributes that the first module added to the file ?

Either we should guarantee that modules only touch attributes they know
about---ignoring all others (but not overwriting them), or we have separate
namespaces for each module's attributes.

Stacking modules will work with either scheme, but its seems to be that
switching policies over a reboot could easily be broken by a scheme that
shared a single namespace.

* --
* Stephen Smalley <sds@epoch.ncsc.mil>
* National Security Agency

richard.

-- 
-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/