From: Horst von Brand <vonbrand@inf.utfsm.cl>
To: Sergiy Lozovsky <serge_lozovsky@yahoo.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: kernel stack challenge
Date: Tue, 06 Apr 2004 16:01:13 -0400 [thread overview]
Message-ID: <200404062001.i36K1DsD004198@eeyore.valparaiso.cl> (raw)
In-Reply-To: Your message of "Mon, 05 Apr 2004 14:21:52 MST." <20040405212152.54101.qmail@web40513.mail.yahoo.com>
Sergiy Lozovsky <serge_lozovsky@yahoo.com> said:
> --- Horst von Brand <vonbrand@inf.utfsm.cl> wrote:
> > Sergiy Lozovsky <serge_lozovsky@yahoo.com> said:
> >
> > [LISP inside the kernel?!]
> >
> > > Basically there are two reasons.
> > >
> > > 1. Give system administrator possibility to change
> > > security policy easy enough
> >
> > SELinux
>
> To create a new 'security model' one should write a C
> program within Selinux user space security server.
> People like to use higher level languages.
C is a high level language. If you don't like it, use C++, Perl, Ruby, TCL,
Guile, Common LISP, PostScript, ... It's userspace, program in whatever you
like most.
> > > without C programminig
> > > inside the kernel (we should not expect system
> > > administartor to be a kernel guru).
> > As 97.572% of the job has to be done in userland anyway, place your
> > checks/high-level language/GUI frobnitzer in there at will. Compile to a
> > compact, easy-to-handle, digitally signed, binary blob and stuff _that_
> > into the kernel as needed.
> I'm not ready to put a binary compiled with Common
> Lisp or PERL (if it exists)
Yep.
> compilers into the kernel.
Again.... use something written in C, Perl, Common LISP, even COBOL to
parse the description and generate a binary blob from it that you then
stuff into the kernel. No in-kernel runtime for high-level general purpose
languages needed at all.
> At the same time I want people to benefit from using
> high level langages (even kernel gurus don't use
> Assembler all the time, higher level languages is
> easier to use and less lines of code to write).
Kernel gurus write C and think assembler. Wrong crowd selected ;-)
> .....
>
> > > 2. Protect system from bugs in security policy
> > > created by system administrator (user).
> > Sounds like you are demanding a solution to Turing's test here... and
> > also to the halting problem.
> I didn't claim that I solve all problems on earth :-)
You certainly do. How do you protect the system from a mistaken policy that
takes away all rights from the user supposed to manage it, and gives them
to the local script kiddie instead?
> What I can claim:
> 1. Some kernel parts can be developed with language of
> higher level than C.
It efficiency doesn't matter, do it in userland. If efficiency matters, do
it in hand-tuned C + assembly, inside the kernel only if there is no other
way.
> 2. Problems with such parts can be to some extent be
> encapsulated within VM (no, it's not 100% fool prof
> for sure), but it helps.
Doing it in userland helps even more.
> 3. Code can be easily debugged in the user space
> (running with user space VM) and used in the kernel
> after that.
The environment isn't the same, so this doesn't help that much. Besides, if
the job _can_ be done in userland, it has no business being done in the
kernel. Stuff is being moved _out_ of the kernel (for example, finding
partitions and filesystems) as we speak...
[...]
> LISP code is located in the kernel. Application issues a system call LISP
> program checks arguments of this call. If LISP program fails (crashes) -
> VM will return default value which is EACCESS, so application will get
> 'access denied'. (and will fail, probably).
So the idea is _userland_ code stuffed into the _kernel_ to be checked and
executed there? And if it is broken, and denies all access, it is a nice
DoS.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
next prev parent reply other threads:[~2004-04-06 20:02 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200404052026.i35KQh5g004342@eeyore.valparaiso.cl>
2004-04-05 21:21 ` kernel stack challenge Sergiy Lozovsky
2004-04-06 20:01 ` Horst von Brand [this message]
[not found] <20040409182517.330.qmail@web40508.mail.yahoo.com>
2004-04-10 4:17 ` Horst von Brand
[not found] <58907794@toto.iv>
2004-04-07 4:29 ` Peter Chubb
[not found] <24DA9B48-8827-11D8-87A5-000A9585C204@able.es>
2004-04-07 0:27 ` Sergiy Lozovsky
[not found] <200404061618.i36GIHgW003419@eeyore.valparaiso.cl>
2004-04-06 18:16 ` Sergiy Lozovsky
2004-04-06 20:01 ` Valdis.Kletnieks
2004-04-06 21:38 ` Sergiy Lozovsky
2004-04-06 22:46 ` Timothy Miller
[not found] <200404061606.i36G6YLE003375@eeyore.valparaiso.cl>
2004-04-06 18:04 ` Sergiy Lozovsky
2004-04-06 18:28 ` John Stoffel
2004-04-06 18:48 ` Sergiy Lozovsky
2004-04-06 18:57 ` Richard B. Johnson
2004-04-06 21:15 ` Sergiy Lozovsky
2004-04-06 22:44 ` Timothy Miller
2004-04-06 22:57 ` viro
2004-04-06 23:32 ` Sergiy Lozovsky
2004-04-06 23:45 ` Robin Rosenberg
2004-04-07 2:25 ` Horst von Brand
[not found] <200404052043.i35KhDvS020176@turing-police.cc.vt.edu>
2004-04-05 21:06 ` Sergiy Lozovsky
[not found] <1H9LV-5Jb-1@gated-at.bofh.it>
2004-04-04 11:27 ` Andi Kleen
2004-04-04 18:24 ` Sergiy Lozovsky
2004-04-04 18:38 ` Muli Ben-Yehuda
2004-04-04 6:48 Sergiy Lozovsky
2004-04-05 9:39 ` Helge Hafting
2004-04-05 17:05 ` Sergiy Lozovsky
2004-04-05 18:06 ` Timothy Miller
2004-04-05 17:59 ` Sergiy Lozovsky
2004-04-05 19:27 ` Valdis.Kletnieks
2004-04-05 21:14 ` Timothy Miller
2004-04-05 20:09 ` John Stoffel
2004-04-05 20:54 ` Sergiy Lozovsky
2004-04-05 21:08 ` Chris Wright
2004-04-05 21:40 ` Sergiy Lozovsky
2004-04-05 21:53 ` Chris Wright
2004-04-05 22:22 ` Timothy Miller
2004-04-05 23:49 ` Sergiy Lozovsky
2004-04-06 13:25 ` Jesse Pollard
[not found] ` <20040406132750$3d4e@grapevine.lcs.mit.edu>
[not found] ` <mit.lcs.mail.linux-kernel/20040406132750$3d4e@grapevine.lcs.mit.edu>
2004-04-06 16:40 ` Patrick J. LoPresti
2004-04-06 19:10 ` Timothy Miller
2004-04-06 20:53 ` Patrick J. LoPresti
2004-04-06 21:24 ` Timothy Miller
2004-04-07 14:36 ` Jesse Pollard
2004-04-05 21:28 ` Timothy Miller
2004-04-05 21:21 ` Stephen Smoogen
2004-04-05 22:25 ` Timothy Miller
2004-04-05 21:30 ` Sergiy Lozovsky
2004-04-05 21:45 ` Kevin Fox
2004-04-05 21:59 ` Robin Rosenberg
2004-04-05 22:52 ` Sergiy Lozovsky
2004-04-06 0:46 ` Robin Rosenberg
2004-04-06 0:55 ` Robin Rosenberg
2004-04-06 3:02 ` Sergiy Lozovsky
2004-04-06 3:04 ` Randy.Dunlap
2004-04-05 22:20 ` Timothy Miller
2004-04-05 23:27 ` Sergiy Lozovsky
2004-04-06 20:16 ` Horst von Brand
2004-04-06 20:58 ` Timothy Miller
2004-04-06 22:05 ` Sergiy Lozovsky
2004-04-06 22:56 ` Timothy Miller
2004-04-06 23:17 ` Sergiy Lozovsky
2004-04-08 13:11 ` Martin Waitz
2004-04-08 22:33 ` Sergiy Lozovsky
2004-04-07 2:44 ` Horst von Brand
2004-04-07 17:54 ` Sergiy Lozovsky
2004-04-08 2:43 ` Horst von Brand
2004-04-08 4:07 ` Sergiy Lozovsky
2004-04-08 4:29 ` Horst von Brand
2004-04-08 22:51 ` Sergiy Lozovsky
2004-04-08 15:44 ` Valdis.Kletnieks
2004-04-08 22:22 ` Sergiy Lozovsky
2004-04-09 15:27 ` Jesse Pollard
2004-04-05 21:12 ` Timothy Miller
2004-04-06 13:32 ` Helge Hafting
2004-04-06 17:44 ` Sergiy Lozovsky
2004-04-07 1:02 ` Horst von Brand
2004-04-07 1:34 ` Sergiy Lozovsky
2004-04-07 8:57 ` David Weinehall
2004-04-07 13:38 ` Chris Friesen
2004-04-07 17:12 ` Sergiy Lozovsky
2004-04-07 17:16 ` Sergiy Lozovsky
2004-04-07 2:30 ` viro
2004-04-06 18:33 ` Jamie Lokier
2004-04-06 18:51 ` Sergiy Lozovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200404062001.i36K1DsD004198@eeyore.valparaiso.cl \
--to=vonbrand@inf.utfsm.cl \
--cc=linux-kernel@vger.kernel.org \
--cc=serge_lozovsky@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).