Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 17, 2006 at 03:20:55PM -0400, James Morris wrote:
> On Mon, 17 Apr 2006, Christoph Hellwig wrote:
> 
> > > Or, better, remove LSM itself ;)
> > 
> > Seriously that makes a lot of sense.  All other modules people have come up
> > with over the last years are irrelevant and/or broken by design.
> 
> It's been nearly a year since I proposed this, and we've not seen any 
> appropriate LSM modules submitted in that time.
> 
> See
> http://thread.gmane.org/gmane.linux.kernel.lsm/1120
> http://thread.gmane.org/gmane.linux.kernel.lsm/1088
> 
> The only reason I can see to not delete it immediately is to give BSD 
> secure levels users a heads-up, although I thought it was already slated 
> for removal.  BSD secure levels is fundamentally broken and should 
> never have gone into mainline.

I agree about the BSD secure levels code, it has a known reported
security problem, with no response by its maintainers.  On that aspect
alone, it should be removed.

But for removing LSM entirely, I'm starting to like your patch.  It's
been a very long time and so far, only out-of-tree LSMs are present,
with no public statements about getting them submitted into the main
kernel tree.  And, I think almost all of the out-of-tree modules already
need other kernel patches to get their code working properly, so what's
a few more hooks needed...

/me pokes the bushes to flush out the people lurking

Oh, but do remember, the main goal of LSM was to stop people from
arguing about different security models.  Now that it is in, we haven't
had any bickering about different types of things that should go into
mainline, all with different models and usages.  Everyone gets to play
in their own sandbox and not worry about anyone else.  If the LSM
interface was to go away, that problem would start happening again, and
I don't think we want to go there.

So, I think the only way to be able to realisticly keep the LSM
interface, is for a valid, working, maintained LSM-based security model
to go into the kernel tree.  So far, I haven't seen any public posting
of patches that meet this requirement :(

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux