|
|
Log in / Subscribe / Register

LSM chaining ("stacking") is a good idea

LSM chaining ("stacking") is a good idea

Posted Jun 24, 2010 15:14 UTC (Thu) by dwheeler (guest, #1216)
Parent article: LSM stacking (again)

I think it is a *good* idea to implement what this article calls "LSM chaining" (I called it LSM stacking when I wrote such an implementation for the Linux kernel). The worries about interference are overblown. I would expect that typical use would involve one "big" module (like SELinux) that covers the general case, plus zero or more "small" modules that forbid or restrict certain specific actions. If it's cumulatively restrictive, many of the problems of figuring out what's okay to combine are quite easy.

Sure, a bad configuration/implementation can mess up security... but NOT having this capability makes it impossible to easily implement security configurations that you DO want. And PAM shows that you CAN reasonably combine modules to produce useful effects.

to post comments

LSM chaining ("stacking") is a good idea

Posted Jun 24, 2010 23:34 UTC (Thu) by cesarb (subscriber, #6266) [Link] (1 responses)

> If it's cumulatively restrictive, many of the problems of figuring out what's okay to combine are quite easy.

Adding restrictions is not always OK. There is always the risk of creating something like the "sendmail capabilities bug" (http://userweb.kernel.org/~morgan/sendmail-capabilities-w...).

LSM chaining ("stacking") is a good idea

Posted Jun 27, 2010 16:00 UTC (Sun) by nix (subscriber, #2304) [Link]

Yes, David mentioned that in the very next paragraph. His point stands, I think.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds