Re: Integrating securelevel and kauth(9)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Bill Studenmund <wrstuden@...>

Cc: <tech-security@...>, <tech-kern@...>

Subject: Re: Integrating securelevel and kauth(9)

Date: Friday, March 24, 2006 - 6:44 pm

On Fri, Mar 24, 2006 at 07:56:27PM +0200, Elad Efrat wrote:
quoted text> Hello,
>=20
> Outlined in this mail is my proposal for integrating the traditional BSD
> securelevel with the kauth(9) interface.

Thank you. This is a good document to spur discussion.

quoted text>      By changing the meaning of securelevel, a third-party LKM no longer
>      has anything to refer to as a "system security level". I offer two
>      possible solutions:
>=20
>      (a) The securelevel variable will be maintained as "third-party LKM
>          securelevel", maintained only for backwards binary
>          compatibility. It will have no meaning in the NetBSD kernel,
>          but will retain the raise-only property of the current
>          securelevel.
>=20
>      (b) Third-party LKMs will be encouraged to remove references to
>          securelevel and use the kauth(9) interface, possibly with the
>          operation they want guarded from the list of common operations
>          for the system scope.
>=20
>          We can always add more operations to the system scope if they
>          are needed, however authors of third-party LKMs that heavily
>          depend on securelevel's multiple levels will be advised to make
>          use of the new kauth(9) interface's ability to introduce new
>          scopes to the system.

My understanding is that kauth will go into the kernel after 4.0 branches.=
=20
Probably just after.

Given that, I actually think it'd be fine to just go with option (b). The=
=20
problem I see with (a) is that it's easy to map a securelevel set request=
=20
(sysctl -w kern.securelevel=3Dfoo) to a bitmap, it's not so easy to do the=
=20
opposite. Since we don't know exactly what aspect of securelevel the LKM=20
is interested in, it's hard to say what securelevel a given LKM should=20
see.

So my suggestion is to make LKMs change. Include a quick description of=20
how to change them (the define you gave was good) and a mapping of what=20
you can find now (if you were interested in making sure ioctl's could=20
happen, you make this call. If you are interested in the ability to access=
=20
devices when others are busy, you make that call).

If this goes into 4.0, then I think you're right and we need both.

Take care,

Bill

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 1:56 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 12:42 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 2:29 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:04 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:10 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:40 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:50 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 4:54 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:08 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 6:45 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 1:57 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 7:34 am)

Re: Integrating securelevel and kauth(9), David Laight, (Tue Mar 28, 1:29 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 1:36 pm)

Re: Integrating securelevel and kauth(9), Daniel Carosone, (Tue Mar 28, 4:36 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 4:56 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 5:58 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Mon Mar 27, 6:57 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Mon Mar 27, 6:47 pm)

Re: Integrating securelevel and kauth(9), Matt Thomas, (Mon Mar 27, 9:37 pm)

Re: Integrating securelevel and kauth(9), Thomas E. Spanjaard, (Mon Mar 27, 9:18 pm)

Re: Integrating securelevel and kauth(9), Martin Husemann, (Mon Mar 27, 7:20 am)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:44 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 6:56 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Sat Mar 25, 2:05 pm)

Re: Integrating securelevel and kauth(9), David Laight, (Fri Mar 24, 3:01 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:51 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:29 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 2:17 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:24 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 4:59 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:28 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 6:53 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 7:22 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Sat Mar 25, 9:07 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 5:55 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 8:29 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Martin Bligh	Re: Unified tracing buffer
Ingo Molnar	[announce] "kill the Big Kernel Lock (BKL)" tree
Con Kolivas	[PATCH] [RFC] sched: accurate user accounting
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
linux-netdev:
Krzysztof Oledzki	Error: an inet prefix is expected rather than "0/0".
Wenji Wu	A Linux TCP SACK Question
Ramachandra K	[PATCH 11/13] QLogic VNIC: Driver utility file - implements various utility macros
Jay Cliburn	Re: atl1 64-bit => 32-bit DMA borkage (reproducible, bisected)
git:
Andrew Morton	Untracked working tree files
Pierre Habouzit	Re: libgit2 - a true git library
Nicolas Vilz 'niv'	git + ssh + key authentication feature-request
Martin Langhoff	Re: pack operation is thrashing my server
openbsd-misc:
Steve B	SSH brute force attacks no longer being caught by PF rule
GVG GVG	ssh_exchange_identification: Connection closed by remote host
rancor	How to copy/pipe console buffert to file?
Richard Stallman	Real men don't attack straw men

Latest forum posts


Question on swap as ramdisk partition	42 minutes ago	Linux kernel
Netfilter kernel module	11 hours ago	Linux kernel
serial driver xmit problem	13 hours ago	Linux kernel
Why Windows is better than Linux	13 hours ago	Linux general
How can I see my kernel messages in vt12?	20 hours ago	Linux kernel
Grub	1 day ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	2 days ago	Linux general

Show all forums...

Recent Tags

more tags

Colocation donated by:

Online users

Syndicate