Re: Out of tree module using LSM



Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote on 28/11/2007 19:50:42:

So as there is no question the current code does some ugly things it is
even more true that we would be even more happy to use an official API.
LSM was that and we were happily using it which we won't be able to do if
it abruptly goes away. Yes it is not a perfect match but until it is
modified to be better, or until something appropriate is designed and
implemented, it would be very nice if it could stay.

So for an SELinux based system what you are saying is you want to be able
to stack your module with the SELinux module and after SELinux has
considered policy rules still be able to veto them on the grounds that
you are, say, about to serve a virus to a Windows box?

Basically yes, but the effective scenario is a bit wider. Local actions
like disallowing execution of rootkits, exploits and other similar malware
are also interesting. Another example would be enforcing a corporate
policy on which IM clients shouldn't be used, so it is not just a fileserver
scenario in which Linux machines can be compromised.

But really I am not the best person to know all current attack vectors.
The overall set of requirements and ideas is something we are working on with
other vendors and hopefully with the community. This is one of the two
main things my original post was about.

--
Tvrtko August Ursulin
Senior Software Engineer, Sophos

"Views and opinions expressed in this email are strictly those of the author.
The contents has not been reviewed or approved by Sophos."




