Re: Out of tree module using LSM

From: tvrtko . ursulin
Date: Thu Nov 29 2007 - 11:13:19 EST

Next message: Daniel Drake: "[RFC v2] Documentation about unaligned memory access"
Previous message: Alan Stern: "Re: [linux-usb-devel] [BUG] USB_PERSIST"
In reply to: Alan Cox: "Re: Out of tree module using LSM"
Next in thread: James Morris: "Re: Out of tree module using LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote on 28/11/2007 19:50:42:

> > So as there is no question the current code does some ugly things it
is
> > even more true that we would be even more happy to use an official
API.
> > LSM was that and we were happily using it which we won't be able to do
if
> > it abruptly goes away. Yes it is not a perfect match but until it is
> > modified to be better, or until something appropriate is designed and
> > implemented, it would be very nice if it could stay.
>
> So for an SELinux based system what you are saying is you want to be
able
> to stack your module with the SELinux module and after SELinux has
> considered policy rules still be able to veto them on the grounds that
> you are say about to serve a virus to a windows box ?

Basically yes but the effective scenario is a bit wider. Local actions
like disallowing execution of rootkits, exploits and other similar malware
are also interesting. Another example would be enforcing a corporate
policy on which IM clients shouldn't be used so it is not just fileserver
scenario in which Linux machines can be compromised.

But really I am not the best person to know all current attack vectors.
Overall set of requirements and ideas is something we are working on with
other vendors and hopefully with the community. This is one of the two
main things my original post was about.

--
Tvrtko August Ursulin
Senior Software Engineer, Sophos

"Views and opinions expressed in this email are strictly those of the
author.
The contents has not been reviewed or approved by Sophos."

Tel: 01235 559933
Web: www.sophos.com
Protecting business against viruses, spyware, spam and policy abuse

Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Drake: "[RFC v2] Documentation about unaligned memory access"
Previous message: Alan Stern: "Re: [linux-usb-devel] [BUG] USB_PERSIST"
In reply to: Alan Cox: "Re: Out of tree module using LSM"
Next in thread: James Morris: "Re: Out of tree module using LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]