Fwd: [Linux Security Module Interface]


From: Fabrice MARIE <fabrice@celestix.com>
Subject: Fwd: [Linux Security Module Interface]
Date: Wed, 11 Apr 2001 11:51:45 +0800



What do you think about that?
Would it make RSBAC more widely used?
Is it a security threat to enable this kind
of security feature at the module level?
What about a box without RSBAC/SELinux/StJude
that would be rooted... an attacker would have
even more evil power with your kernel?
What do you guys think?

Fabrice.
-------- Original Message --------
Subject: Linux Security Module Interface
Date: Tue, 10 Apr 2001 17:06:26 -0700
From: Crispin Cowan <crispin@wirex.com>
Reply-To: securedistros@nl.linux.org
Organization: WireX Communications, Inc.
To: Secure Distros <securedistros@nl.linux.org>

One of the byproducts of the Linux 2.5 Kernel Summit
http://lwn.net/2001/features/KernelSummit/ was the notion of an
enhancement of the loadable kernel module interface to facilitate
security-oriented kernel modules.  The purpose is to ease the tension
between folks (such as Immunix and SELinux) who want to add substantial
security capabilities to the kernel, and other folks who want to
minimize kernel bloat & have no use for such security extensions.

Modules that can be loaded, or not, are the obvious solution, but the
current LKM does not export sufficient hooks to support many security
mechanisms.  Thus many current security enhancements end up existing as
kernel patches, which marginalizes their utility by making distribution
problematic. The proposed solution is to enhance the LKM with a variety
of new kernel elements exported to the module interface, so as to
support a reasonable variety of security enhancements.

We have started a new mailing list called linux-security-module.  The
charter is to design, implement, and maintain suitable enhancements to
the LKM to support a reasonable set of security enhancement packages.
The prototypical module to be produced would be to port the POSIX Privs
code out of the kernel and make it a module.  An essential part of this
project will be that the resulting work is acceptable for the mainline
Linux kernel.

The list is open to all.  You can subscribe here
http://mail.wirex.com/mailman/listinfo/linux-security-module or by
sending e-mail to linux-security-module-request@wirex.com with a subject
of "subscribe".

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org



-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

-------------------------------------------------------

-- 
Fabrice MARIE
R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" 
       -Unknown