One of the (many) complaints leveled against the Linux Security Module
(LSM) architecture is that it adds a whole new API, that has no users, to the
kernel. That situation is changing, now; a couple of new security modules
have been posted over the last week or so.
The larger and less surprising of the two is the SELinux module. SELinux is the hardened version of
the kernel implemented by the U.S. National Security Agency; it features a
number of mandatory access control features designed to contain the damage
that occurs if and when an application is compromised. SELinux has, in the
past, been subjected to some patent claims, but the patent owners have been
silent for some time and, one hopes, that issue has quietly gone away.
Though a look at Secure Computing Corporation's
last communication on the subject before using SELinux might still be
SELinux is not yet proposed for inclusion within the mainline kernel; it is
still being reviewed, and it depends on a series of other patches which
have not yet been merged. Patent issues aside, the inclusion of modules
like this should not be controversial, even at this stage of kernel
development; they sit off to the side and do not have any effect on anybody
who does not actually use them.
More recently, Niki Rahimi (of IBM) posted a Trusted Path Execution module. This module
divides all users into those who are "trusted" (root and anybody root has
added to the list) and everybody else. Programs, too, are either trusted
or not; trusted programs are those living in a directory which owned by
root and not writeable by anybody else. Trusted users can run any
executable in the system (subject to the usual access checks, of course),
and anybody can run trusted programs. But untrusted users are not allowed
to run untrusted programs. This module, thus, provides a simple mechanism
for controlling which programs may be run on a system.
The promise of the LSM scheme is that it will make it easy for developers
and users to experiment with different security schemes. If all goes
according to plan, LSM should enable the creation of a large library of
security modules to the needs of many different sites.
to post comments)