Monday, January 24, 2005

GrSecurity as kernel hooks

I don't know why I did it, I don't know how I did it, but somehow I managed to reverse part of GrSecurity into a set of kernel hooks—only three right now—to implement GrSecurity with. I know Brad isn't going to go along with it, nor will Linus; it's purely academic.

It took me about 5 minutes to design a stacking mechanism that modules don't have to be aware of, and 10 minutes to implement it. It requires two more void pointers per loaded security module, and basically turns them into a doubly-linked list. This list is read-locked and iterated by the security module framework for every security call.

In this design, security calls don't block eachother, because read-locks are non-blocking. When a pending write-lock exists, it blocks all future read- and write-locks until it gains control and unlocks. In this way, inserting and removing modules is safe; and insertion and removal is the only blocking operation. This provides a fast, SMP-aware, self-stacking security framework.

The design I used also leaves any non-supplied functions initialized to NULL for each module. NULL functions are ignored by the framework, instead of being called. This means that no functions are needed. Because the framework also checks for the grsecurity_ops pointer to actually point to the head of a linked list of modules, the need for a dummy module is also eliminated.

This leaves only the actual important security concerns, such as, how do we determine if we deny or allow an operation? This is quite simple. Along the way, every module has a chance to deny access. If any one module denies access, the check is halted, and an access error is returned. This means that access must be granted by all security modules, or access is not granted.

I find myself asking why no upstream kernel developers have bothered to write this into LSM yet. Perhaps they simply don't want stacking; or perhaps those kernel devs are lazy. Maybe they're just not smart enough.

Stacking is important to allow multiple isolated modules to function together. GrSecurity's kernel security, chroot() jail modifications, and RBAC system could all be isolated modules functioning together on a security framework. Similar systems could be ported to LSM; but it'd be a waste of time without stacking. Many systems aren't mutually exclusive; they shouldn't be forced to be.

Apologies for this short, irrelavent post. I just haven't had anything to say in a while, and didn't want my readers to think I was dead.

4 Comments:

Blogger Dominicans resources said...

::FREE BLOGS AND FREE WORDPRESS BLOG HOSTING - CREATE UNLIMITED BLOGS NOW ALL FREE ::

Free blogging software hosting speicalist

4:54 PM  
Blogger gourmands resources said...

I just came across your blog about blogging italy and wanted to drop you a note telling you how impressed I was with the information you have posted here. I also have a web site about blogging italy so I know I'm talking about when I say your site is top-notch! Keep up the great work, you are providing a great resource on the Internet here!

2:01 AM  
Blogger wow power leveling said...

Why was there no follow on bankruptcy then? The bailout of AIG FP went to (wow power leveling) hedge funds that bound credit swaps on Lehman failing or others betting on rating (wow power leveling) declines. AIG has drained over 100 billion from the government. Which had to go to those who bet on failures and downgrades. Many of whom (power leveling)were hedge funds. I-banks that had offsetting swaps needed the money from the AIG bailout or they would have been caught. Its an (wow powerleveling) insiders game and it takes just a little bit too much time for most people to think (wow gold) through where the AIG 100 billion bailout money went to, hedge funds and players, many of whom hire from the top ranks of DOJ, Fed, Treasury, CAOBO
wow goldwow goldwow goldwow gold CAOBO

9:51 PM  
Blogger office said...

The Tax Return Crack-Up<4>
Realizing he might have dug himself in there,Microsoft Office 2010the general emphasized that Office 2010he had spent some time as a junior Office 2007officer working "very closely Microsoft Officewith the Israeli air force" and that heMicrosoft Office 2007had found that "more cosmopolitan,Office 2007 key liberal version of the Israeli population" Office 2007 downloadto be just chock full Office 2007 Professionalof that sort of "goodwill" necessary Windows 7to give a bunch of land back Microsoft outlook 2010to the Palestinians.

4:13 AM  

Post a Comment

<< Home