SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] From: king killer <thenamelessone_at_web.de> subject: seperate kernel modules Date: Mon, 30 Jul 2001 14:42:54 +0200 This message: [ Message body ] Next message: Martin Stricker: "Re: seperate kernel modules" Previous message: Rajan Ravindran: "SELinux Performance and Scalability analysis" Next in thread: Martin Stricker: "Re: seperate kernel modules" Reply: Martin Stricker: "Re: seperate kernel modules" Maybe reply: Jonathan Day: "Re: seperate kernel modules" Maybe reply: king killer: "Re: seperate kernel modules" hello im new here so im sorry if i say something someone else has already proposed 1 (or 2 days ago) i read a text how to infiltrate a linux system thru modules and here comes my idea. the kernel modules themselves shall be separated. for example a sound driver does not need to be able to access any other io-ports then the ones needed to use sound. Flug.de \| Wer oft unterwegs ist, kann keine Zeit verschwenden http://flug.de/sb/?PP=0-5-100-105-11 -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From: Martin Stricker <shugal_at_gmx.de> subject: Re: seperate kernel modules Date: Tue, 31 Jul 2001 00:28:44 +0200 This message: [ Message body ] Next message: Jonathan Day: "Re: seperate kernel modules" Previous message: king killer: "seperate kernel modules" In reply to: king killer: "seperate kernel modules" Next in thread: Jonathan Day: "Re: seperate kernel modules" king killer wrote: > 1 (or 2 days ago) i read a text how to infiltrate a linux system thru > modules and here comes my idea. > the kernel modules themselves shall be separated. > for example a sound driver does not need to be able to access any > other io-ports then the ones needed to use sound. You might want to take a look at HURD, a new micro-kernel based unix kernel from the GNU project. Here only the most basic functions remain in the kernel, everything else, i. e. file systems or peripheral hardware, is handled by so-called servers which run in user space, not in kernel space. A very interesting approach. For a ready-to-install distribution see http://www.debian.org/hurd/ . Best regards, Martin Stricker -- Homepage: http://www.martin-stricker.de/ Registered Linux user #210635: http://counter.li.org/ -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From: Jonathan Day <jd9812_at_my-deja.com> subject: Re: seperate kernel modules Date: Mon, 30 Jul 2001 20:18:21 -0700 This message: [ Message body ] Next message: king killer: "Re: seperate kernel modules" Previous message: Martin Stricker: "Re: seperate kernel modules" Maybe in reply to: king killer: "seperate kernel modules" Next in thread: king killer: "Re: seperate kernel modules" ('binary' encoding is not supported, stored as-is) HURD (as is) uses the Mach microkernel, which (frankly) is the pits. The L4 microkernel (which you can see in L4Linux) is a better design, but still not briliant. There's still a 14% slow-down for some functions. About the most extreme design is MIT's Exokernel. This takes everything that a microkernel leaves in, and places it in user space. For security, the Exokernel design looks extremely promising, although MIT seems to have abandoned it. Another kernel design that looks interesting is EROS, which is designed to be secure from the outset. IMHO, though, seperation is not the answer. Secure boundaries would be much better, as modules have considerable power. If the scope of a module is confined and pre-determined, you should be able to mathematically prove the security. To be honest, I think that it's about time that somebody DID audit the entire of the Linux core. Not just run some pre-compiler, such as the Stanford Validator, but formally prove each of the core functions correct. I'm limiting this to the core, as the boundaries of Linux are expanding just too fast to make it viable to start auditing it. (The FOLK project, that I maintain, is now almost the same size as the Linux kernel it's supposed to patch! And it doesn't even begin to scratch the surface of what patches exist for Linux.) Further, if you prove the core (including the module-handling code), then you've proved everything you need to. Any rougue module CANNOT impact any other part of the kernel, simply because that would violate the pre/post conditions of the module-handler. --== Sent via Deja.com ==-- http://www.deja.com/ -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From: king killer <thenamelessone_at_web.de> subject: Re: seperate kernel modules Date: Tue, 31 Jul 2001 10:59:33 +0200 This message: [ Message body ] Next message: Dale Amon: "Re: seperate kernel modules" Previous message: Jonathan Day: "Re: seperate kernel modules" Maybe in reply to: king killer: "seperate kernel modules" Next in thread: Dale Amon: "Re: seperate kernel modules" Reply: Dale Amon: "Re: seperate kernel modules" first i know the hurd second l4 is a great design third if you really read the exokernel manual you will see that it is much more than a microkernel, since it handles network messages, hd blocks etc. fourth to seperate kernel modules another instance (a first-level kernel)would be needed that would handle ressource registration, for kernel modules which would then run in ring 1. the problem is that if you want to securely seperate them you have to put them into multiple segments.then a call from one module to another would include a call to the first-level-kernel.for all this stub routines could be made which would be mapped into every module segment and the module calls would point to the stup routine which would do the right call the 1st-lv-kernel.there would be no need to change the modules greatly, but the linux kernel would have to be completely modularized. 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From: Dale Amon <amon_at_vnl.com> subject: Re: seperate kernel modules Date: Tue, 31 Jul 2001 11:47:23 +0100 This message: [ Message body ] Next message: Dale Amon: "Re: seperate kernel modules" Previous message: king killer: "Re: seperate kernel modules" In reply to: king killer: "Re: seperate kernel modules" Next in thread: Dale Amon: "Re: seperate kernel modules" Reply: Dale Amon: "Re: seperate kernel modules" I think the point of selinux is to prove out certain security technologies in an environment where it may have real impact. A large and growing fraction of servers (primary targets!) are linux based. It seems good strategy to me to distribute the means of denying those resources to attackers. -- Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From: Dale Amon <amon_at_vnl.com> subject: Re: seperate kernel modules Date: Tue, 31 Jul 2001 13:46:56 +0100 This message: [ Message body ] Next message: JohnScroggins: "new to list" Previous message: Dale Amon: "Re: seperate kernel modules" In reply to: Dale Amon: "Re: seperate kernel modules" If Richard Smalley is about, I'd appreciate if he'd get in touch with me. I don't know if I had the correct private email address. -- Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom