From: Christian Stroetmann <stroetmann@ontolinux.com>
To: Kees Cook <kees.cook@canonical.com>
Cc: James Morris <jmorris@namei.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: Preview of changes to the Security susbystem for 2.6.36
Date: Mon, 02 Aug 2010 19:33:26 +0200 [thread overview]
Message-ID: <4C570166.8050105@ontolinux.com> (raw)
In-Reply-To: <20100802163602.GU3948@outflux.net>
Hi Kees;
On the 02.08.2010 18:36, Kees Cook wrote:
> Hi Christian,
>
> On Mon, Aug 02, 2010 at 12:19:54PM +0200, Christian Stroetmann wrote:
>
>> But we discussed as well that the problem of chaining of small or
>> large LSMs is not an argument for the existence of the Yama LSM, and
>> that the LSM architecture should be developed further so that all of
>> the functionalities of other securtiy packages without an LSM can be
>> integrated as a whole by a new version of the LSM system in the
>> future and not by ripping them of like it was done with the Yama LSM
>> [3].
>> You can see these objections [3] as a second NAK, but now from a
>> company's developer (I haven't said this before, because I'm not a
>> hard core kernel developer).
>>
> I'm not sure I understand you, exactly. Are you saying that Yama should not
> exist because it might grow into a large LSM?
>
> -Kees
>
>
Sorry, but: No, you haven't. In fact we have these lines of discussion:
1. You said "Trying to chain comprehensive LSMs seems like it will
always fail, but putting little LSMs in front of big LSMs seems like an
easy win." And I said that "I don't think that the problem is if an LSM
is small or large."
2a. I said also "[...] you will put more and more functionalities, maybe
again taken from other packages, into your new LSM with the result that
at the end it will be a big LSM. And then?". Then after point 1. we have
a chaining problem of comprehensive LSMs, as you said.
2b. Otherwise, if we have no chaining problem as I said (see point 1.)
and your LSM becomes larger, then I said it is better to solve the
problem at the side of the LSM architecture and not be ripping off other
security packages and put their functionalities into LSMs like it was
done by the Yama LSM.
So that doesn't mean that the Yama LSM should not exist because it might
grow. It means: If the Yama LMS grows mainly by porting into it
functionalities of other security packages that actually have no
relation to the LSM system, then it should not exist in favor of a new
LSM architecture that enables the integration of those security
packages. The Yama LSM should not become a container of functionalities
of other already existing security packages. If you put only your own
security concepts and methodes into it, then its OK, for sure.
Also, the Yama LSM should not exist if it only dictates the structure of
the other LSMs, especially if it becomes large and in this way important
to be followed by only growing it with functionalities taken from other
security packages. If you say that the way of the Yama LSM is the right
way to do it in general, then we don't need a new LSM like Yama, but a
new LSM architecture.
Hopefully I could clearify it now a little bit better. Otherwise the
night is long :)
Best regards
Christian Stroetmann
next prev parent reply other threads:[~2010-08-02 17:29 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-30 8:59 Preview of changes to the Security susbystem for 2.6.36 James Morris
2010-08-02 2:18 ` James Morris
2010-08-02 6:32 ` Kees Cook
2010-08-02 6:41 ` James Morris
2010-08-02 6:57 ` Kees Cook
2010-08-02 10:19 ` Christian Stroetmann
2010-08-02 16:36 ` Kees Cook
2010-08-02 17:33 ` Christian Stroetmann [this message]
2010-08-03 17:07 ` Kees Cook
2010-08-02 18:08 ` Serge E. Hallyn
2010-08-02 18:50 ` Christian Stroetmann
2010-08-02 12:24 ` Christoph Hellwig
2010-08-02 16:59 ` Kees Cook
2010-08-02 18:34 ` David P. Quigley
2010-08-03 17:04 ` Kees Cook
2010-08-02 18:51 ` Valdis.Kletnieks
2010-08-03 16:50 ` Kees Cook
2010-08-03 21:38 ` Valdis.Kletnieks
2010-08-03 22:34 ` Kees Cook
2010-08-04 2:07 ` Valdis.Kletnieks
2010-08-04 2:55 ` Kees Cook
2010-08-04 3:54 ` Tetsuo Handa
2010-08-04 6:18 ` Valdis.Kletnieks
2010-08-04 7:00 ` Tetsuo Handa
2010-08-04 16:23 ` Valdis.Kletnieks
2010-08-04 12:21 ` Christian Stroetmann
2010-08-03 21:52 ` Christian Stroetmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C570166.8050105@ontolinux.com \
--to=stroetmann@ontolinux.com \
--cc=jmorris@namei.org \
--cc=kees.cook@canonical.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).