Re: kernel stack challenge

From: Sergiy Lozovsky
Date: Mon Apr 05 2004 - 16:38:10 EST

Next message: Pavel Machek: "swsusp update: supports discontingmem/highmem"
Previous message: Dipankar Sarma: "Re: route cache DoS testing and softirqs"
In reply to: Timothy Miller: "Re: kernel stack challenge"
Next in thread: Kevin Fox: "Re: kernel stack challenge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- Timothy Miller <miller@xxxxxxxxxxxxxx> wrote:
>
>
> Sergiy Lozovsky wrote:
>
> >
> >
> > All LISP errors are incapsulated within LISP VM.
> >
>
>
> A LISP VM is a big, giant, bloated.... *CHOKE*
> *COUGH* *SPUTTER*
> *SUFFOCATE* ... thing which SHOULD NEVER be in the
> kernel.

It is a smallest interpreter (of all purpose language)
I was able to find. My guess is that you refer to the
Common Lisp. it is huge and I don't use it.

>
> If you want to use a more abstract language for
> describing kernel
> security policies, fine. Just don't use LISP.

Point me to ANy langage with VM around 100K.

> The right way to do it is this:
>
> - A user space interpreter reads text-based config
> files and converts
> them into a compact, easy-to-interpret code used by
> the kernel.
>
> - A VERY TINY kernel component is fed the security
> policy and executes it.

it is exactly the way it is implemented. Not everyone
need to create their own security model (that VERY
TINY kernel component you refer to). But even for
those who want to modify or create their own VERY TINY
kernel component - they don't need to do that in C and
debug it in th kernel crashing it.

>
> Move as much of the processing as reasonable into
> user space. It's
> absolutely unnecessary to have the parser into the
> kernel, because
> parsing of the config files is done only when the
> ASCII text version
> changes.
>
> It's absolutely unnecessary to have something as
> complex as LISP to
> interpret it, when something simple and compact
> could do just as well.
>
> Why do you choose LISP? Don't you want to use a
> language that sysadmins
> will actually KNOW?

It was is) the smallest VM I know of.

99% of sysadmins don't need to create their own
security models. Security polices are created with web
interface very close to the way you described. So
sysadmin don't need to know anything about LISP (to
use predefined security models).

Serge.

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "swsusp update: supports discontingmem/highmem"
Previous message: Dipankar Sarma: "Re: route cache DoS testing and softirqs"
In reply to: Timothy Miller: "Re: kernel stack challenge"
Next in thread: Kevin Fox: "Re: kernel stack challenge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]