[Dazuko-devel] Dazuko 1.2.0-pre2 available

[John Ogness]

Hi,

I have just released 1.2.0-pre2. One of the biggest problems I was 
having with the birthday release was my implementation of cascading. It 
was based on a linked list, which is nearly impossible to efficiently 
manage on an SMP machine. Needless to say, it has been reimplemented 
using an array with protected containers.

Many of the functions have been inlined and declared as static. This 
MIGHT help the ON_EXEC events. The ON_EXEC events have been turned back 
on by default in this version. For me it has been running flawlessly. I 
will continue testing to see if it is OK. I have suspected the ON_EXEC 
problems were due to stack overflows and the inline's may have helped this.

I am going to do some code cleanup for the next pre-release. There are a 
few things in there that I would like to improve on. I also need to do 
some testing for the ON_CLOSE_MODIFIED event to make sure that it is 
running good (although it is still turned off by default).

RedHat 9 no longer exports the system call table OR the on_exit symbol. 
This means that Dazuko can no longer be dynamically loaded into the 
RedHat 9 kernel. Although this is frustrating to many RedHat users who 
rely on Dazuko, I can understand RedHat's incentive and it does provide 
a more secure kernel. I will be developing a kernel patch soon.

I have also been looking at the RSBAC (http://rsbac.org) code to see how 
Dazuko can be integrated. From what I have seen so far, it would be 
easiest to implement Dazuko as a Malware Scanner (MS component) for 
RSBAC. This should work with Dazuko nearly "as-is", meaning that people 
who use RSBAC (Trusted Debian) could utilize the Dazuko interface for 
easy 3rd-party interaction.

If you are developing software to use Dazuko, please use the 1.2.0-pre2 
release. It runs very stable and utilizes the new dazukoRegister() 
function to provide cascading. Once its stability has been proven, it 
will be released.

John Ogness

--
Dazuko Maintainer