Linux Security Module Interface

From: Crispin Cowan (crispin@WIREX.COM)
Date: Wed Apr 11 2001 - 02:04:12 CEST

  • Next message: bugzilla@REDHAT.COM: "[RHSA-2001:046-03] New netscape packages available"

    One of the byproducts of the Linux 2.5 Kernel Summit
    http://lwn.net/2001/features/KernelSummit/ was the notion of an
    enhancement of the loadable kernel module interface to facilitate
    security-oriented kernel modules. The purpose is to ease the tension
    between folks (such as Immunix and SELinux) who want to add substantial
    security capabilities to the kernel, and other folks who want to
    minimize kernel bloat & have no use for such security extensions.

    Modules that can be loaded, or not, are the obvious solution, but the
    current LKM does not export sufficient hooks to support many security
    mechanisms. Thus many current security enhancements end up existing as
    kernel patches, which marginalizes their utility by making distribution
    problematic. The proposed solution is to enhance the LKM with a variety
    of new kernel elements exported to the module interface, so as to
    support a reasonable variety of security enhancements.

    We have started a new mailing list called linux-security-module. The
    charter is to design, implement, and maintain suitable enhancements to
    the LKM to support a reasonable set of security enhancement packages.
    The prototypical module to be produced would be to port the POSIX Privs
    code out of the kernel and make it a module. An essential part of this
    project will be that the resulting work is acceptable for the mainline
    Linux kernel.

    The list is open to all. You can subscribe here
    http://mail.wirex.com/mailman/listinfo/linux-security-module or by
    sending e-mail to linux-security-module-request@wirex.com with a subject
    of "subscribe".

    Crispin

    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 21:41:07 CEST