Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Quoting Alan Cox ([email protected]):
> On Llu, 2006-04-24 at 10:24 +0200, Lars Marowsky-Bree wrote:
> > On 2006-04-23T05:45:34, [email protected] wrote:
> > 
> > > > AppArmor are not likely to put careful thought into the policies that
> > > > they use?
> > > They're not likely to put careful thought into it, *AND* that saying things
> > > like "AppArmor is so *simple* to configure" only makes things worse - this
> > > encourages unqualified people to create broken policy configurations.
> > 
> > That is about the dumbest argument I've heard so far, sorry. 
> 
> Its the conclusion of most security experts I know that broken security
> is worse than no security at all. 

By the way, this is predicated on the assumption that the broken
security will cause the user to expose more data.  However in many cases
these days, that is sadly not the case.  Amazon will store my cc data
regardless whether they are running selinux, apparmor, or nothing.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux