Wouldn't this kernel security feature be useful?

[chrelad]

Hi everyone, I found a Slashdot article today regarding a pretty neat kernel security feature in Windows Vista and thought that the idea may be embraced by the Linux community as well. Here is the article:

An anonymous reader writes to mention that in the final part of his three part series, Mark Russinovich wraps up his look at changes made in the Windows Vista Kernel by exploring advancements in reliability, recovery, and security. "Applications written for Windows Vista can, with very little effort, gain automatic error recovery capabilities by using the new transactional support in NTFS and the registry with the Kernel Transaction Manager. When an application wants to make a number of related changes, it can either create a Distributed Transaction Coordinator (DTC) transaction and a KTM transaction handle, or create a KTM handle directly and associate the modifications of the files and registry keys with the transaction. If all the changes succeed, the application commits the transaction and the changes are applied, but at any time up to that point the application can roll back the transaction and the changes are then discarded."

You can read the whole thing and the comments here:

<http://it.slashdot.org/article.pl?si...32216&from=rss>

I was wondering if this particular feature existed in the Linux kernel as a module or perhaps built into the kernel. If not, maybe it ought to be? Just figured it was a novel idea and may contribute to the already impressive security facilities of the Linux kernel.

Any ideas, critisisms and thoughts are welcome!

GO LINUX!!!

[likwid]

Doesn't make any sense in context of linux.

[bigtomrodney]

I thought there was functionality similar to this already? I did a quick google but I'm not really sure what search terms to use. Has anyone else heard of anything like this? Does inotify have something like this?

[chrelad]

This is becomming a hot topic at school, some of the students in my class are actually thinking of messing with there kernel source to try this out! In any case, I'll try to dig up some more details on this and post them to the forum.

As far as the post claiming that this technology doesn't have a place in the context of Linux, I would respectfully disagree... How many of the thousands of packages for Linux actually were originally thought to belong in the context of Linux? It's the concept that we are interested in and the idea that it may improve, benefit, or add functionality to the already impressive Linux kernel.

Most proprietary technologies developed by private companies probably didn't belong in the context of Linux right off the bat, but were adopted and fostered by Linux users anyway and either proved their worth, or diminished over time.

This is a great discussion and I will add more information where I find it

Thanks for the great perspectives on this issue everyone.

[chrelad]

Quoted from Wikipedia's article on Database Transactions:

n database products the ability to handle transactions allows the user to ensure that integrity of a database is maintained.

A single transaction might require several queries, each reading and/or writing information in the database. When this happens it is usually important to be sure that the database is not left with only some of the queries carried out. For example, when doing a money transfer, if the money was debited from one account, it is important that it also be credited to the depositing account. Also, transactions should not interfere with each other. For more information about desirable transaction properties, see ACID.

A simple transaction is usually issued to the database system in a language like SQL in this form:

1. Begin the transaction
2. Execute several queries (although any updates to the database aren't actually visible to the outside world yet)
3. Commit the transaction (updates become visible if the transaction is successful)

If one of the queries fails the database system may rollback either the entire transaction or just the failed query. This behaviour is dependent on the DBMS in use and how it is set up. The transaction can also be rolled back manually at any time before the commit.

http://en.wikipedia.org/wiki/Databas...of_transaction

Now, I know this is for databases, but it really helps illustrate what Microsoft is trying to do for applications.

From what I understand, and correct me if I'm wrong, the new transactional nature of Vista will make sure that all tasks that a program wants to perform are completed successfully before committing changes to memory and disk drives. Also, I'm assuming that the transaction mechanism would keep track of all interim changes that it makes to memory and disks so that it knows what to roll back and in which order to roll things back.

Possible and useful for Linux? That is the question

I'm gonna check out inotify right now...

Thanks for all the discussion everyone!

[antidrugue]

This seems to be a feature of the newest version of NTFS. Also, it is already implemented in Linux, part of the Reiser4 filesystem. At least according to the wikipedia article you linked.

[chrelad]

So, that handles the filesystem part of things, how's 'bout the memory part of things and perhaps stack and register rollback functionality? Eh?! eh!????

Just kidding Good points, though I still don't believe that it's being implemented to it's full potential. If there are anymore suggestions, they are welcomed.

[likwid]

Well I kinda filtered out the filesystem part when I first read it, now a re-read seems to make more sense.

I would think this is something RSBAC can already kind of do, from a security standpoint at least.

[anomie]

When an application wants to make a number of related changes, it can either create a Distributed Transaction Coordinator (DTC) transaction and a KTM transaction handle, or create a KTM handle directly and associate the modifications of the files and registry keys with the transaction.

This is also referred to as a logical transaction. (i.e. Everything related to the transaction gets the change applied, or in the event of an error it gets rolled back and nothing related to the transaction gets the change applied.)

If I'm reading your quote correctly, the purpose of this is to keep files and their associated Windows registry keys in sync.

GNU/Linux does not use a Windows registry.

[anomie]

P.S. How does this qualify as a "security feature"?