lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0710251328150.17781@fbirervta.pbzchgretzou.qr>
Date:	Thu, 25 Oct 2007 13:33:58 +0200 (CEST)
From:	Jan Engelhardt <jengelh@...putergmbh.de>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
cc:	Adrian Bunk <bunk@...nel.org>, Alan Cox <alan@...rguk.ukuu.org.uk>,
	Andreas Gruenbacher <agruen@...e.de>,
	Bernd Petrovitsch <bernd@...mix.at>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Chris Wright <chrisw@...s-sol.org>,
	Crispin Cowan <crispin@...spincowan.com>,
	Giacomo Catenazzi <cate@...ian.org>,
	James Morris <jmorris@...ei.org>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-security-module@...r.kernel.org,
	Ray Lee <ray-lk@...rabbit.org>,
	Simon Arlott <simon@...e.lp0.eu>,
	Thomas Fricaccia <thomas_fricacci@...oo.com>
Subject: Re: LSM conversion to static interface



As I read through LWN today, I noted the following comment, 
http://lwn.net/Articles/255832/ :

	Personally, I think it's absolutely essential to be able to 
	build a kernel with dynamic LSM. Whether we like it or not, 
	people do want to add in runtime loadable security modules for 
	things like virus scanners, and until upstream offers these 
	folks a viable alternative to LSM...well, they'll use it.

Which reminded me of the TuxGuardian LSM[1] - another of the real-world 
uses to meet Linus's criteria? ("had examples of their real-world use to 
step forward and explain their use")

In this specific project, LSM is used to collect up calls to bind() and 
connect() and pass them to userspace, e.g. do it ZoneAlarm-style and 
display a dialog window. Its codebase is probably not too up-to-date 
(website says last change last April - but I guess that's a no-brainer 
to update it).

[1] http://tuxguardian.sf.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ