Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

On Wed, 2006-04-19 at 09:42 -0700, Casey Schaufler wrote:
> 
> --- Stephen Smalley <[email protected]> wrote:
> 
> > This would be fine, if the technical approach were
> > sound (not necessarily the same as SELinux, but
> sound)
> 
> Please accept that this is a judgement call.

Judgment calls have to be made all the time; this is no different.  One
would hope that particularly in the arena of security, sound judgment
would be applied.  In this particular case, it isn't just security folks
who are troubled by reliance on pathnames, and there are plenty of prior
discussions on linux-fsdevel and linux-kernel describing the brokenness
of path-based approaches.  Why would the answer be different now?

> > and fit properly with the LSM interface.
> 
> Of course LSM will fit SELinux better than it fits
> AppArmour, LSM has been adapted to fit the needs
> of SELinux. 

This is a gross misrepresentation of the facts and history of LSM.  LSM
was jointly developed, and the initial VFS inode hooks were proposed by
none other than the WireX folks, i.e. the developers of
SubDomain/AppArmor.  From that initial proposal, though the entire
development of LSM, through the 2.5 development series after LSM was
merged, and through the 2.6 stable series so far, no one from the
AppArmor side has ever suggested a need to change the hooks to better
accomodate their needs.  Yet if you look at their implementation (and I
have, have you?), you'll see that they have to go through contortions
because the LSM interface is such a mismatch for what they do.  That
isn't due to any "adaptations" for SELinux.

> SELinux wasn't always a good fit either. LSM
> accomodated SELinux. Offer the same community
> cooperation to other you have yourself received.

Community cooperation doesn't mean embracing unsound ideas.

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Casey Schaufler <[email protected]>

• References:
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Casey Schaufler <[email protected]>

• Prev by Date: [RFC][PATCH 3/11] security: AppArmor - LSM interface
• Next by Date: [RFC][PATCH 6/11] security: AppArmor - Userspace interface
• Previous by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
• Next by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]