Re: Security hooks, "standard linux security" & embedded use

Anton Altaparmakov (aia21@cam.ac.uk)
Thu, 12 Jul 2001 20:04:05 +0100

At 19:47 12/07/2001, Greg KH wrote:
>On Thu, Jul 12, 2001 at 07:37:36PM +0100, Anton Altaparmakov wrote:
> >
> > This seems very good in view of implementing ACL support for NTFS, too. -
> > We have all the NTFS layout knowledge to do it now. We just lack the
> > kernel/user space infrastructure.
> >
> > When designing this modular security infrastructure it would be useful if
> > it is made generic enough to allow callbacks into user space for
> permission
> > checking.
>
>The current model lets you do whatever you want in your kernel module.
>It imposes no policy, that's up to you.

Ok, that's fair enough. A wrapper module could always be written that then
in turn invokes user space. That's good enough for me although it makes for
additional overhead but I guess that is not too bad.

>All the better to keep userspace callbacks for security out of my
>kernels, for that way is ripe for problems (for specific examples why,
>see the linux-security-module mailing list archives.)

Oh, sure. There are problems. I don't deny that. But I am not too sure that
those problems outweigh the problems created by putting in huge amounts of
code into the kernel which could live outside it just as well. - IMHO the
kernel should be as small as possible rather than contain everything under
the sun just because it's easier to do that way...

Best regards,

Anton

-- 
   "Nothing succeeds like success." - Alexandre Dumas

-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Linux NTFS Maintainer / WWW: http://linux-ntfs.sf.net/
ICQ: 8561279 / WWW: http://www-stu.christs.cam.ac.uk/~aia21/


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/