[rsbac] Against LSM

Amon Ott ao at rsbac.org
Mon Aug 20 10:16:55 CEST 2007


On Saturday 04 August 2007 19:57, shahbaz khan wrote:
> I would like to know:
>
> 1-  How does LSM pose a threat to kernel considering root kits and

It makes manipulation of kernel internal structures much easier, which 
are usually not available to loadable modules. All they have to do is 
register with LSM, and they get pointers to many critical structures 
and an overview of most accesses for free.

> 2-  What is the threat model that grsec talks about when it comes to
> selinux?

Please ask at the grsec list directly.

> 3-  How are these threats not possible when there is no LSM?

LSM makes them much easier, so the probability gets higher. Sure they 
are still possible without LSM.

> As far as I can understand LSM is designed for speed and generality
> so it lacks many hooks that are specific for a wide range of
> models.

I agree that it is designed for speed as its most important target. 
For generality, it should include hooks at as many security-relevant 
places as possible, be kernel version independent, provide more 
abstraction and really allow more than one module (stacking does not, 
as you have read).

> 4-  Why doesn't rsbac use extended attributes? It's a nice feature. The
> load that ACI imposes can be reduced to some extent.

Extended attributes are not available on all filesystems and they use 
significantly more disk space than the RSBAC lists.

> 5-  If possible, off the list topic but, how does grsec implement
> its hooks? Can't find any details about it either from any
> documentation or from their mailing list.

Just ask on their list, Brad is more likely to give you a good answer.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

