Re: [PATCH 1 of 4] ima: related TPM device driver interal kernelinterface

[Reiner Sailer]

James Morris <jmorris@xxxxxxxxxx> wrote on 05/20/2005 10:56:20 AM:

> Why are you using LSM for this?
> 
> LSM should be used for comprehensive access control frameworks which 
> significantly enhance or even replace existing Unix DAC security.

I see LSM is framework for security. IMA is an architecture that
enforces access control in a different way than SELinux. IMA guarantees 
that executable content is measured and accounted for before
it is loaded and can access (and possibly corrupt) system resources.

> We're going to end up with a proliferation of arbitrary security 
features 
> lacking an overall architectural view (I've written about this before, 
> see http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300.html).
>
> I think it would be better to implement this directly.

The reason IMA is implemented as a Linux security module is that the LSM
interface allows the least intrusive implementation with regard to existing
kernel code. IMA is non-intrusive (its hooks return always nicely) and 
implements security guarantees that are orthogonal to those of, e.g., 
SELinux. Interactions with other LSM users are not expected. Experience 
shows that maintining IMA as LSM is simple.

There is no reason though why IMA must use LSM; however, it seems not the
straightforward solution to replicate LSM hooks that are already 
available.

> 
> - James
> -- 
> James Morris
> <jmorris@xxxxxxxxxx>
> 
> 

Thanks
Reiner

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/