Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

On Wed, 24 Oct 2007 17:41:28 -0700
Chris Wright <[email protected]> wrote:

> * Linus Torvalds ([email protected]) wrote:
> > Do other people want to stand up and be "LSM maintainers" in the
> > sense that they also end up being informed members who can also
> > stand up for new modules and help merge them, rather than just push
> > the existing one(s)? Chris? Casey? Crispin?
> 
> Stephen and James, despite their clear bias towards SELinux, do try to
> give good feedback.  But you are right, there's not enough active help
> for people trying to make a contribution to get their code in shape.
> Many of the modules that come along have been misguided conceptually,
> but I think that e.g. apparmor, tomoyo, smack could use that kind
> of constructive help to get into final mergable shape.  Personally,
> I haven't spent nearly enough time reviewing those, my apologies to
> those developers.  So, yes, help is welcome.
> 

I'll be happy to help out; I'd consider my self neutral in this space
not having worked with any of the LSM out there. I do think we need to
be somewhat critical to what we accept; we should at least be able to
filter out "pretend security" somehow. (this is not the same as saying
that you're bad if you only provide a limited security, in the
contrary, I strongly believe in simple pieces. What I mean is that we
should be critical to things that appear/claim to be strong but are
not).

Secondly, we should make sure that no new holes are added (the original
SMACK series suffered from this, Al Viro helped getting that reviewed
bigtime).

In addition we probably should strive to getting some sort of rough
"this is sort of where we draw the line" guideline set up, just to keep
things more objective.

(Oh and of course, if a security module is deeply involved in another
kernel subsystem, say networking or the VFS, very obviously we should
consult and listen to the respective maintainers of that subsystem; LSM
is not there to be a big hook to bypass the process of well maintained
subsystems)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Adrian Bunk <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Casey Schaufler <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Adrian Bunk <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Linus Torvalds <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Chris Wright <[email protected]>

• Prev by Date: Re: [PATCH] Hardware Monitor LM70: Convert semaphore to mutex
• Next by Date: Re: [patch 1/5] wait: use lock bitops for __wait_on_bit_lock
• Previous by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
• Next by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]