Design
LSM was designed to provide everything needed to successfully implement a mandatory access control module, while imposing the fewest possible changes to the Linux kernel. LSM avoids the approach of system call interposition, as used in Systrace, because it does not scale to multiprocessor kernels and is subject to TOCTTOU (time-of-check-to-time-of-use race) attacks. Instead, LSM inserts "hooks" (upcalls to the module) at every point in the kernel where a user-level system call is about to result in access to an important internal kernel object, such as an inode or a task control block.
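The difference between checking at system call entry and checking at the point of object access can be shown with a userspace toy model. This is an added example, not kernel code and not taken from the LSM paper; every identifier in it, including the `/tmp/report` name and the two labels, is hypothetical.

```c
#include <errno.h>
#include <string.h>

/* Userspace toy model (constructed); none of these names are kernel APIs. */
struct inode  { int label; };                 /* 0 = public, 1 = secret */
struct dentry { const char *name; struct inode *inode; };
static struct inode pub = { 0 }, secret = { 1 };
static struct dentry names[] = { { "/tmp/report", &pub } };
/* Example MAC policy: deny objects labelled above the subject's level. */
static int mac_policy(const struct inode *obj, int level) {
    return obj->label > level ? -EACCES : 0;
}
typedef int (*inode_hook)(const struct inode *, int);
static inode_hook hooks[] = { mac_policy };
/* Upcall into each registered module; the first non-zero result denies. */
static int call_inode_hooks(const struct inode *obj, int level) {
    for (size_t i = 0; i < sizeof hooks / sizeof hooks[0]; i++) {
        int rc = hooks[i](obj, level);
        if (rc) return rc;
    }
    return 0;
}
static struct inode *lookup(const char *name) {
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (strcmp(names[i].name, name) == 0) return names[i].inode;
    return NULL;
}
/* Models a concurrent rename: the same name now resolves to another object. */
static void rebind(struct inode *target) { names[0].inode = target; }

/* Interposition: policy decides at syscall entry, the name is resolved again later. */
int open_interposed(const char *name, int level, struct inode *swap_to) {
    struct inode *checked = lookup(name);
    if (!checked || mac_policy(checked, level)) return -EACCES;
    if (swap_to) rebind(swap_to);             /* window between check and use */
    return lookup(name)->label;               /* label of the object actually opened */
}
/* Hook at the point of use: the decision is made on the inode already resolved. */
int open_hooked(const char *name, int level, struct inode *swap_to) {
    if (swap_to) rebind(swap_to);             /* same swap; check and use share one lookup */
    struct inode *obj = lookup(name);
    int rc = obj ? call_inode_hooks(obj, level) : -ENOENT;
    return rc ? rc : obj->label;
}
int main(void) {
    int leaked = open_interposed("/tmp/report", 0, &secret);
    rebind(&pub);
    return !(leaked == 1 && open_hooked("/tmp/report", 0, &secret) == -EACCES);
}
```

In the interposed path the policy approves one object and a different one is opened; in the hooked path the policy sees the object that will actually be accessed, so the same rebinding is denied.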
The project is narrowly scoped to solve the problem of access control to avoid imposing a large and complex change patch on the mainstream kernel. It is not intended as a general "hook" or "upcall" mechanism, nor does it support operating system-level virtualization.
LSM's access control goal is very closely related to the problem of system auditing, but is subtly different. Auditing requires that every attempt at access be recorded. LSM cannot deliver that, because it would require a great many more hooks, so as to detect cases where the kernel "short circuits" failing system calls and returns an error code before getting near significant objects.
The LSM design is described in the paper "Linux Security Modules: General Security Support for the Linux Kernel", presented at USENIX Security 2002. At the same conference was the paper "Using CQUAL for Static Analysis of Authorization Hook Placement", which studied automatic static analysis of the kernel code to verify that all of the necessary hooks have actually been inserted into the Linux kernel.