Re: [crispin@WIREX.COM: Linux Security Module Interface]


From: Volckov Konstantin Michailovich <goldhead@altlinux.ru>
Subject: Re: [crispin@WIREX.COM: Linux Security Module Interface]
Date: Sat, 28 Apr 2001 12:06:41 +0400

Next Article (by Author): A Little question... Wagner Endre
Previous Article (by Author): Question "Vitalik Shakhov"
Next in Thread: Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Hi!

Here is some intresting forward.

> ----- Forwarded message from Crispin Cowan <crispin@WIREX.COM> -----
>
> Date:         Tue, 10 Apr 2001 17:04:12 -0700
> From: Crispin Cowan <crispin@WIREX.COM>
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject:      Linux Security Module Interface
> Approved-By: aleph1@SECURITYFOCUS.COM
> Delivered-To: bugtraq@lists.securityfocus.com
> Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
> X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686)
> X-Accept-Language: en
> Reply-To: crispin@WIREX.COM
> Organization: WireX Communications, Inc.
>
> One of the byproducts of the Linux 2.5 Kernel Summit
> http://lwn.net/2001/features/KernelSummit/ was the notion of an
> enhancement of the loadable kernel module interface to facilitate
> security-oriented kernel modules.  The purpose is to ease the tension
> between folks (such as Immunix and SELinux) who want to add substantial
> security capabilities to the kernel, and other folks who want to
> minimize kernel bloat & have no use for such security extensions.
>
> Modules that can be loaded, or not, are the obvious solution, but the
> current LKM does not export sufficient hooks to support many security
> mechanisms.  Thus many current security enhancements end up existing as
> kernel patches, which marginalizes their utility by making distribution
> problematic. The proposed solution is to enhance the LKM with a variety
> of new kernel elements exported to the module interface, so as to
> support a reasonable variety of security enhancements.
>
> We have started a new mailing list called linux-security-module.  The
> charter is to design, implement, and maintain suitable enhancements to
> the LKM to support a reasonable set of security enhancement packages.
> The prototypical module to be produced would be to port the POSIX Privs
> code out of the kernel and make it a module.  An essential part of this
> project will be that the resulting work is acceptable for the mainline
> Linux kernel.
>
> The list is open to all.  You can subscribe here
> http://mail.wirex.com/mailman/listinfo/linux-security-module or by
> sending e-mail to linux-security-module-request@wirex.com with a subject
> of "subscribe".
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution:       http://immunix.org
>
> ----- End forwarded message -----

2 Amon: What do you think about it?

Good luck,
Konstantin

ALT Linux kernel24 maintainer.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): A Little question... Wagner Endre
Previous Article (by Author): Question "Vitalik Shakhov"
Next in Thread: Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.