[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <29685.simon.1193747418@5ec7c279.invalid>
Date: Tue, 30 Oct 2007 12:30:18 -0000
From: "Simon Arlott" <simon@...e.lp0.eu>
To: "Cliffe" <cliffe@...net>
Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: Defense in depth: LSM *modules*, not a static interface
On Tue, October 30, 2007 07:14, Cliffe wrote:
> And while I acknowledge that many of these layers are currently buried
> within the kernel (netfilter...) they are security layers which in many
> cases would probably make sense as stackable security modules.
>
> Making the interface static forces mammoth solutions which then must
> attempt to solve all of the above in one ls*m*. What happened to
> dividing tasks into easy to manage chunks?
Would it be possible to have Kconfig select which LSM should handle each
area of security? Selecting LSM A would automatically disable LSM B and
C since they both implement the same security functions, while LSM D
would still be selectable since it implements something else. The default
capabilities code would then turn off parts of itself that another LSM
is handling.
Alternatively the M in LSM can be restored and modules can be stacked.
It should be possible for the primary LSM to check the security_ops of the
secondary LSM(s) and complain if it considers there to be an incompatiblity.
--
Simon Arlott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists