Talk:Linux Security Modules
|WikiProject Computer Security / Computing|
The repeated reverting
The repeated reverting of a single line between me and Tango is annoying.
Yes, an external citation for this factoid would be very nice. I have looked hard for such a citation, but can't find one. Probably because at the time Linus shipped Linux 2.6.0, he did not consider LSM to be worth noting.
None the less, it is manifestly true that LSM shipped with Linux 2.6.0 because it was there in 2.6.0, and was not there before in 2.4.
To take this line out, you have to conjecture that some other reeally strange thing happened, such that LSM was sneakily inserted into the Linux kernel at some other time, because it is definitely there now.
Crispincowan 07:50, 22 August 2007 (UTC)
"LSM avoids the approach of system call interposition as used in Systrace because it does not scale to multiprocessor kernels and is subject to TOCTTOU (race) attacks."
I think the term "to scale" is used incorrectly here. Multiprocessor systems require special treatment to prevent attacks using race-conditions but this has very little to do with scalability. Also I don't see a big difference between system-call interposition and the upcalls used by LSM. It's not the same but I really don't see how this is a different concept solving problems of the other. Likewise, the time-of-check-time-of-use issues in Systrace or similar solutions strike me rather as implementation problems than design flaws. I doubt that LSM is by design immune against TOCTTOU bugs. Also it seems that the author of systrace has already fixed the concurrency issues, if I understand correctly: http://systrace.org/index.php?/archives/14-Evading-System-Sandbox-Containment.html --220.127.116.11 (talk) 13:03, 1 February 2008 (UTC)