From: Kevin Fox <Kevin.Fox@pnl.gov>
To: Sergiy Lozovsky <serge_lozovsky@yahoo.com>
Cc: Timothy Miller <miller@techsource.com>,
John Stoffel <stoffel@lucent.com>,
Helge Hafting <helgehaf@aitel.hist.no>,
linux-kernel@vger.kernel.org
Subject: Re: kernel stack challenge
Date: Mon, 05 Apr 2004 14:45:37 -0700
Message-ID: <1081201537.6361.8.camel@nightmare>
In-Reply-To: <20040405213026.37258.qmail@web40512.mail.yahoo.com>

On Mon, 2004-04-05 at 14:30, Sergiy Lozovsky wrote:
> --- Timothy Miller <miller@techsource.com> wrote:
> >
> >
> > Sergiy Lozovsky wrote:
> >
> > >
> > >
> > > All LISP errors are encapsulated within LISP VM.
> > >
> >
> >
> > A LISP VM is a big, giant, bloated.... *CHOKE*
> > *COUGH* *SPUTTER*
> > *SUFFOCATE* ... thing which SHOULD NEVER be in the
> > kernel.
>
> It is the smallest interpreter (of an all-purpose language)
> I was able to find. My guess is that you refer to
> Common Lisp. It is huge and I don't use it.
>
How about BF? ;)
I would think something like Forth might be a better fit than Lisp.
> >
> > If you want to use a more abstract language for
> > describing kernel
> > security policies, fine. Just don't use LISP.
>
> Point me to ANY language with a VM around 100K.
>
> > The right way to do it is this:
> >
> > - A user space interpreter reads text-based config
> > files and converts
> > them into a compact, easy-to-interpret code used by
> > the kernel.
> >
> > - A VERY TINY kernel component is fed the security
> > policy and executes it.
>
> It is exactly the way it is implemented. Not everyone
> needs to create their own security model (that VERY
> TINY kernel component you refer to). But even for
> those who want to modify or create their own VERY TINY
> kernel component - they don't need to do that in C and
> debug it in the kernel crashing it.
>
> >
> > Move as much of the processing as reasonable into
> > user space. It's
> > absolutely unnecessary to have the parser in the
> > kernel, because
> > parsing of the config files is done only when the
> > ASCII text version
> > changes.
> >
> > It's absolutely unnecessary to have something as
> > complex as LISP to
> > interpret it, when something simple and compact
> > could do just as well.
> >
> > Why do you choose LISP? Don't you want to use a
> > language that sysadmins
> > will actually KNOW?
>
> It was (is) the smallest VM I know of.
>
> 99% of sysadmins don't need to create their own
> security models. Security policies are created with a web
> interface very close to the way you described. So
> sysadmins don't need to know anything about LISP (to
> use predefined security models).
>
> Serge.
>
>
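
The split Timothy Miller describes in the quoted text (a user-space translator producing compact code, and a tiny in-kernel component that only executes it), sketched as an added example that is not code from this thread or from the project under discussion. The three-token rule format and every name in it are assumptions made for illustration.

```c
/* Added example: rule format and all names are hypothetical, not from the thread. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { ACT_DENY = 0, ACT_ALLOW = 1 };
enum { OP_READ = 1, OP_WRITE = 2, OP_EXEC = 3 };
#define UID_ANY 0xFFFFFFFFu
struct rule { uint8_t action, op; uint32_t uid; };  /* compact form the kernel half sees */
/* User-space half: compile whitespace-separated "<allow|deny> <uid|*> <op>" triples.
 * Returns the rule count, or -1 if malformed, so a bad policy is never loaded. */
int compile_policy(const char *text, struct rule *out, int max)
{
    static const char *const ops[] = { "", "read", "write", "exec" };
    char act[8], who[12], op[8], *end;
    int n = 0, used;
    while (sscanf(text, " %7s %11s %7s%n", act, who, op, &used) == 3) {
        struct rule r = { !strcmp(act, "allow"), OP_EXEC, UID_ANY };
        unsigned long uid;
        if (n == max || (!r.action && strcmp(act, "deny"))) return -1;
        for (; r.op && strcmp(op, ops[r.op]); r.op--) ;  /* look the op name up */
        if (!r.op) return -1;
        if (strcmp(who, "*")) {
            uid = strtoul(who, &end, 10);
            if (who[0] < '0' || who[0] > '9' || *end || uid >= UID_ANY) return -1;
            r.uid = (uint32_t)uid;
        }
        out[n++] = r;
        text += used;
    }
    text += strspn(text, " \t\r\n");
    return *text ? -1 : n;  /* leftover tokens mean a truncated rule */
}

/* Kernel-side half: no parsing, allocation or recursion; one bounded loop, constant stack. */
int evaluate(const struct rule *rules, int n, uint32_t uid, uint8_t op)
{
    for (int i = 0; i < n; i++)
        if (rules[i].op == op && (rules[i].uid == UID_ANY || rules[i].uid == uid))
            return rules[i].action;
    return ACT_DENY;  /* first match wins; no match means deny */
}

int main(void)
{
    struct rule p[8];
    int n = compile_policy("allow 1000 read\ndeny * write\n", p, 8);  /* constructed sample */
    printf("%d rules; uid 1000 write -> %d\n", n, evaluate(p, n, 1000, OP_WRITE));
}
```

All validation happens in `compile_policy`, so the evaluator's worst case is one pass over a fixed-size array, which is the property the stack-depth argument in this thread turns on.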