> I guess I'm missing something here -- do people want performance
> or not?
yes, we want performance. whether it runs fast with auditing on
is utterly irrelevant, since most everyone will compile out all auditing.
what I wonder is whether many readers of linux-kernel realize that
Linda and Casey intend to add logging to every operation in the kernel
that includes even privilege *checks* (not just setuid-type operations.)
this seems ludicrous to me, since the outcome of priv checks is definitely
not something that J Random Linux user/hacker/god wants to see. so even
turning off the actual logging with a per-process, per-event mask means that
priv checks get slower by at least a branch. not to mention the potentially
very impressive bloat to kernel code...
the issue of adding special tags (session and luid) for auditing is
a red herring of the fishiest sort: luid is pointless without audit
masks, yet more syscalls for controlling the masks, littering the kernel
with auditing checkpoints, a whole new subsystem for "high performance"
audit logging, etc.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:21 EST