Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758969AbXFZSlS (ORCPT ); Tue, 26 Jun 2007 14:41:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1757507AbXFZSlI (ORCPT ); Tue, 26 Jun 2007 14:41:08 -0400 Received: from e34.co.us.ibm.com ([32.97.110.152]:50365 "EHLO e34.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756075AbXFZSlG (ORCPT ); Tue, 26 Jun 2007 14:41:06 -0400 Date: Tue, 26 Jun 2007 13:40:48 -0500 From: "Serge E. Hallyn" To: Greg KH Cc: "Serge E. Hallyn" , Adrian Bunk , "Serge E. Hallyn" , James Morris , Andreas Gruenbacher , Chris Wright , linux-security-module@vger.kernel.org, Andrew Morgan , Andrew Morton , Stephen Smalley , lkml , Arjan van de Ven , Eric Paris Subject: Re: [PATCH try #2] security: Convert LSM into a static interface Message-ID: <20070626184048.GA12109@sergelap.austin.ibm.com> References: <20070617135239.GA17689@sergelap> <20070624220903.GB3723@sequoia.sous-sol.org> <200706252237.59226.agruen@suse.de> <20070626035731.GA16313@vino.hallyn.com> <20070626131519.GH1094@stusta.de> <20070626140644.GB8615@sergelap.austin.ibm.com> <20070626181823.GA5602@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070626181823.GA5602@kroah.com> User-Agent: Mutt/1.5.13 (2006-08-11) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3139 Lines: 81 Quoting Greg KH (greg@kroah.com): > On Tue, Jun 26, 2007 at 09:06:44AM -0500, Serge E. Hallyn wrote: > > Quoting Adrian Bunk (bunk@stusta.de): > > > On Mon, Jun 25, 2007 at 10:57:31PM -0500, Serge E. Hallyn wrote: > > > > Quoting James Morris (jmorris@namei.org): > > > > > On Mon, 25 Jun 2007, Andreas Gruenbacher wrote: > > > > > > > > > > > It's useful for some LSMs to be modular, and LSMs which are y/n options won't > > > > > > have any security architecture issues with unloading at all. > > > > > > > > > > Which LSMs? Upstream, there are SELinux and capabilty, and they're not > > > > > safe as loadable modules. > > > > > > > > > > > The mere fact > > > > > > that SELinux cannot be built as a module is a rather weak argument for > > > > > > disabling LSM modules as a whole, so please don't. > > > > > > > > > > That's not the argument. Please review the thread. > > > > > > > > The argument is 'abuse', right? > > > > > > > > Abuse is defined as using the LSM hooks for non-security applications, > > > > right? > > > > > > > > It seems to me that the community is doing a good job of discouraging > > > > such abuse - by redirecting the "wrong-doers" to implement proper > > > > upstream solutions, i.e. taskstats, the audit subsystem, etc. > > > > > > > > Such encouragement seems a far better response than taking away freedoms > > > > and flexibility from everyone. > > > > > > We are not living in a world where everyone had good intentions... > > > > Oh no, i took a wrong turn somewhere :) > > > > > For _some_ "wrong-doers" your approach works. > > > > > > But how do you convince the "wrong-doers" who do things like putting > > > MODULE_LICENSE("GPL") into their binary-only modules and who ignore you > > > and get away because noone sues them? > > > > Do these really exist? > > Yes they do. > > > Maybe noone sues them because noone knows who they are... > > Maybe no one knows because the people doing the legal action against > them are trying to be nice and do it quietly. So they're being nice to the violaters, and then clamping down on everyone... > And legal action takes time, it is quite slow going unfortunatly. > > Heck, I've seen code that is even properly licensed under the GPL abuse > this security layer for things it was not ment to do at all, and that > stuff comes from _very_ big companies that really should know better... But that's back to the other type of 'abuse' which i was originally talking about, and which IMO is being well addressed through education. As for the others, I have no better suggestions. I wish I did. > So I agree that we should unexport it. It will make people who want to > abuse the interface at least think twice about it. And those who don't abuse it too. > thanks, > > greg "I want to mark structures read-only" k-h And I know I'm not the one who's going to stop you... -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/