[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[crispin@WIREX.COM: Linux Security Module Interface]
- To: linux-il(at-nospam)linux.org.il
- Subject: [crispin@WIREX.COM: Linux Security Module Interface]
- From: Yotam Rubin <yotam(at-nospam)makif.omer.k12.il>
- Date: Wed, 11 Apr 2001 13:29:16 +0300
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Mail-Followup-To: linux-il@linux.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mutt/1.3.15i
Gentle people,
Some of you might find the following article to contain interesting
information. Personally, I have been waiting for such a thing to happen
for quite a long time. Up until now I have regularly been applying non-standard
security related patches to the kernel and I'm sure that others do the same,
so my interest in the following letter is obvious.
Regards, Yotam Rubin
----- Forwarded message from Crispin Cowan <crispin@WIREX.COM> -----
Reply-To: crispin@WIREX.COM
From: Crispin Cowan <crispin@WIREX.COM>
Organization: WireX Communications, Inc.
Subject: Linux Security Module Interface
One of the byproducts of the Linux 2.5 Kernel Summit
http://lwn.net/2001/features/KernelSummit/ was the notion of an
enhancement of the loadable kernel module interface to facilitate
security-oriented kernel modules. The purpose is to ease the tension
between folks (such as Immunix and SELinux) who want to add substantial
security capabilities to the kernel, and other folks who want to
minimize kernel bloat & have no use for such security extensions.
Modules that can be loaded, or not, are the obvious solution, but the
current LKM does not export sufficient hooks to support many security
mechanisms. Thus many current security enhancements end up existing as
kernel patches, which marginalizes their utility by making distribution
problematic. The proposed solution is to enhance the LKM with a variety
of new kernel elements exported to the module interface, so as to
support a reasonable variety of security enhancements.
We have started a new mailing list called linux-security-module. The
charter is to design, implement, and maintain suitable enhancements to
the LKM to support a reasonable set of security enhancement packages.
The prototypical module to be produced would be to port the POSIX Privs
code out of the kernel and make it a module. An essential part of this
project will be that the resulting work is acceptable for the mainline
Linux kernel.
The list is open to all. You can subscribe here
http://mail.wirex.com/mailman/listinfo/linux-security-module or by
sending e-mail to linux-security-module-request@wirex.com with a subject
of "subscribe".
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
----- End forwarded message -----
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il