Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

On Wed, 19 Apr 2006, Greg KH wrote:

> So please feel free to submit your patch, especially as without another
> LSM user in the kernel tree, the interface will probably go away.

At this point, LSM has really proven itself to be a bad interface and 
should probably go away in any case.

Its semantics are too weak, and developers are not designing their code 
according to what is suitable for the kernel, but rather, whatever happens 
to fit easily into LSM, which is just about anything.

The LSM interface is also being abused by several proprietary kernel 
modules, some of which are not even security related.  In one case, 
there's code which dangerously revectors SELinux with a shim layer 
designed to try and bypass the GPL.  Some of this is a response to 
unexporting the syscall table, where projects which abused that have now 
switched to LSM.

I think it's clear now, if it wasn't already, that bad interfaces foster 
bad code.


- James
-- 
James Morris
<[email protected]>