Firewall Wizards mailing list archives

Re: Web server security?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 22 Jun 2004 11:32:38 -0400 (EDT)

On Tue, 22 Jun 2004, Crispin Cowan wrote:

> Previously available only as a feature of Immunix OS, SubDomain is now
> available as a stand-alone product for Linux 2.6 systems via the LSM
> interface for pluggable security modules. In the near term, since
> Immunix requires Linux 2.6, that means SuSE 9.1.

FWIW, I tend to share most of Amon Ott's worries about LSM:

http://www.rsbac.org/lsm.htm

The two most salient points, IMO, are:

> And the whole hook design is broken, because all kernel data gets exposed
> to any module that likes to register - what an invitation to root kit
> authors.

and:

> When in the year 2000 the first common access control framework for all
> important then-existing Linux kernel access control extensions was
> designed, people from LIDS, Medusa, SGI and RSBAC, as well as some other
> people, already solved most of these and some other important issues.
> Unfortunately, our design did not get the important impetus to prosper and
> died.
>
> The LSM project, led mostly by different people (who had also been
> invited to our previous discussion), felt itself bound to Linus' order
> that security must not cost anything in performance, focused on single
> modules and, sorry to say that, mostly ignored the work done by the first
> approach.


"Security can't cost performance!" and ignoring folks who've done the real
hard work before have never been good traits for a project...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards