6348740 2001-04-10 17:04 -0700 /41 rader/ Crispin Cowan <crispin@WIREX.COM> Sänt av: joel@lysator.liu.se Importerad: 2001-04-11 09:55 av Brevbäraren Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: crispin@WIREX.COM Mottagare: Bugtraq (import) <16465> Ärende: Linux Security Module Interface ------------------------------------------------------------ From: Crispin Cowan <crispin@WIREX.COM> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <3AD39F7C.AD6FF2F8@wirex.com> One of the byproducts of the Linux 2.5 Kernel Summit http://lwn.net/2001/features/KernelSummit/ was the notion of an enhancement of the loadable kernel module interface to facilitate security-oriented kernel modules. The purpose is to ease the tension between folks (such as Immunix and SELinux) who want to add substantial security capabilities to the kernel, and other folks who want to minimize kernel bloat & have no use for such security extensions. Modules that can be loaded, or not, are the obvious solution, but the current LKM does not export sufficient hooks to support many security mechanisms. Thus many current security enhancements end up existing as kernel patches, which marginalizes their utility by making distribution problematic. The proposed solution is to enhance the LKM with a variety of new kernel elements exported to the module interface, so as to support a reasonable variety of security enhancements. We have started a new mailing list called linux-security-module. The charter is to design, implement, and maintain suitable enhancements to the LKM to support a reasonable set of security enhancement packages. The prototypical module to be produced would be to port the POSIX Privs code out of the kernel and make it a module. An essential part of this project will be that the resulting work is acceptable for the mainline Linux kernel. The list is open to all. You can subscribe here http://mail.wirex.com/mailman/listinfo/linux-security-module or by sending e-mail to linux-security-module-request@wirex.com with a subject of "subscribe". Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org (6348740) /Crispin Cowan <crispin@WIREX.COM>/(Ombruten)