Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262035AbVBPRld (ORCPT ); Wed, 16 Feb 2005 12:41:33 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262054AbVBPRld (ORCPT ); Wed, 16 Feb 2005 12:41:33 -0500 Received: from turing-police.cc.vt.edu ([128.173.14.107]:41990 "EHLO turing-police.cc.vt.edu") by vger.kernel.org with ESMTP id S262035AbVBPRlY (ORCPT ); Wed, 16 Feb 2005 12:41:24 -0500 Message-Id: <200502161741.j1GHfJ7u013810@turing-police.cc.vt.edu> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.1-RC3 To: Casey Schaufler Cc: Lorenzo =?UNKNOWN?Q?Hern=E1ndez_Garc=EDa-Hierro?= , rsbac@rsbac.org, "linux-security-module@wirex.com" , "linux-kernel@vger.kernel.org" Subject: Re: Thoughts on the "No Linux Security Modules framework" old claims In-Reply-To: Your message of "Wed, 16 Feb 2005 07:52:51 PST." <20050216155251.16202.qmail@web50201.mail.yahoo.com> From: Valdis.Kletnieks@vt.edu References: <20050216155251.16202.qmail@web50201.mail.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1108575679_12340P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Wed, 16 Feb 2005 12:41:19 -0500 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1736 Lines: 46 --==_Exmh_1108575679_12340P Content-Type: text/plain; charset=us-ascii On Wed, 16 Feb 2005 07:52:51 PST, Casey Schaufler said: > The advice given by the NSA during our B1 > evaluation was that is was that in the case > above was that the MAC check should be done > first (because it's more important) and > because you want the audit record to report > the MAC failure whenever possible. The > team advised us that if we didn't do the MAC > check first we would have a tough row to hoe > explaining the design decision and an even > tougher time explaining that the audit of > MAC criteria had been met. Fine advice, if the LSM exits had in fact been structured that way. But the LSM hooks are where they are, and as a result not useful for auditing. As others noted, the current 2.6 kernel *does* have a separate audit framework (although it will still report DAC failures in preference to MAC failures). I admit having no good idea how to solve that issue, other than having the audit framework do a dummy LSM call to see if a MAC failure would have been reported as well if it's an audited syscall. But that's still quite high on the bletcherous scale.... --==_Exmh_1108575679_12340P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFCE4W/cC3lWbTT17ARArRWAJ9z65SgGlW7HxcE+UgopfTsBgDNBQCfShgm pasqOQLrKWFLBFqcgShwSSQ= =4PsC -----END PGP SIGNATURE----- --==_Exmh_1108575679_12340P-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/