| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <29685.simon.1193747418@5ec7c279.invalid> Date: Tue, 30 Oct 2007 12:30:18 -0000 From: "Simon Arlott" <simon@...e.lp0.eu> To: "Cliffe" <cliffe@...net> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: Defense in depth: LSM *modules*, not a static interface On Tue, October 30, 2007 07:14, Cliffe wrote: > And while I acknowledge that many of these layers are currently buried > within the kernel (netfilter...) they are security layers which in many > cases would probably make sense as stackable security modules. > > Making the interface static forces mammoth solutions which then must > attempt to solve all of the above in one ls*m*. What happened to > dividing tasks into easy to manage chunks? Would it be possible to have Kconfig select which LSM should handle each area of security? Selecting LSM A would automatically disable LSM B and C since they both implement the same security functions, while LSM D would still be selectable since it implements something else. The default capabilities code would then turn off parts of itself that another LSM is handling. Alternatively the M in LSM can be restored and modules can be stacked. It should be possible for the primary LSM to check the security_ops of the secondary LSM(s) and complain if it considers there to be an incompatiblity. -- Simon Arlott - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists