[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071105132906.GA26078@sergelap.austin.ibm.com>
Date: Mon, 5 Nov 2007 07:29:06 -0600
From: "Serge E. Hallyn" <serue@...ibm.com>
To: Andrew Morgan <morgan@...nel.org>
Cc: Peter Dolding <oiaohm@...il.com>, casey@...aufler-ca.com,
Toshiharu Harada <haradats@...il.com>,
Crispin Cowan <crispin@...spincowan.com>,
linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to
static interface)
Quoting Andrew Morgan (morgan@...nel.org):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter Dolding wrote:
> > On 11/1/07, Casey Schaufler <casey@...aufler-ca.com> wrote:
> >> --- Peter Dolding <oiaohm@...il.com> wrote:
> >> Posix capabilities predate SELinux. SELinux is not interested in
> >> Posix capabilities.
> >>
> >>> But no IBM had to do it.
> >> Err, no. It was done by Andrew Morgan back in the dark ages.
> >> Why on earth do you think IBM did it?
> >
> > Posix file capabilities the option to replace SUID bit with something
> > more security safe only handing out segments of root power instead of
> > the complete box and dice like SUID. Even different on a user by user
> > base.
> >
> > Posix capabilites is what Posix file capabilities is based on. Yes I
> > know the words appear close. The word file is important. Please read
> > Website. http://www.ibm.com/developerworks/linux/library/l-posixcap.html
>
> For the record, I think you are both right. I took a stab at it back
> when Casey and I first met:
>
> ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4-fcap/README
>
> all that stuff worked fine it was just a bit ahead of its time...
>
> - From memory, at that point in time "extended attributes" were an
> external patch, and having some trouble getting merged. My sense was
> that EA was a pre-requisite and I was happy to wait for that support to
> become integrated before pushing my file capability support.
>
> In the midst of all this LSM emerged as a reaction to Linus' clear
> unhappiness about all extensions security. I didn't have the time to
> participate in the LSM, and my work sat in the form of these patches.
>
> SELinux at that time existed as a separate infrastructure, and evidently
> did have the time to embrace LSM.
>
> > IBM coders worked and got it into the main line really recently to
> > provide at least some way to avoid fault of SUID of course it could
>
> [...]
>
> So, yes, IBM (Serge) deserve full credit for starting over, and getting
> it merged...
There are still pieces to line up. Note that Andrew Morgan is working
on a patch to make the securebits per-process to make capabilities
more useful as well as a 64-bit capability patch. And the support in
tree to date would be riddled with gotchas without Andrew Morgan's,
Stephen Smalley's, and Casey Schaufler's input.
-serge
(But hey, thanks :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists