Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

Peter Dolding wrote:
> Lets end the bitrot.  Start having bits go into the main OS security
> features where they should be.
>   
Linus categorically rejected this idea, several times, very clearly.

He did so because the security community cannot agree on a
one-true-standard for what that OS security feature set should be. From
looking at this thread and many others, he is correct; there is no
consensus on what the feature set should be.

So you can wish for the "main OS security features" all you want, but it
is not going to happen without a miraculous degree of consensus abruptly
arising.

On the contrary, security, done well, is a tight fitting suit. It must
be tight, or it allows too much slack and attackers can exploit that. To
make it tight, it must be tailored to the situation at hand. That means
that there may *never* be a consensus on the "one true way", because it
could be that there is no "one true way". It could be that SMACK is best
in some cases, AppArmor in others, SELinux in others yet again, MLS in
others, etc. etc.

I agree with Casey; LSM may not be perfect, but it is a great deal more
consensus than I have seen anywhere else in the security community. Your
desire that AppArmor and SELinux should share code has already happened:
LSM *is* the sharable code base between AppArmor, SELinux, and SMACK and
TOMOYO, and MultiADM, etc.

It certainly can be improved, but it is not in need of wholesale
replacement, and especially not without a clear design that addresses
clearly stated problems that lots of people are having.

Crispin

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin
CEO, Mercenary Linux		   http://mercenarylinux.com/
	       Itanium. Vista. GPLv3. Complexity at work

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: "Toshiharu Harada" <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: "Peter Dolding" <[email protected]>

• References:
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: "Rob Meijer" <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Crispin Cowan <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: "Peter Dolding" <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Jan Engelhardt <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: Peter Dolding <[email protected]>
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: [email protected]
  • Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
    • From: "Peter Dolding" <[email protected]>

• Prev by Date: Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
• Next by Date: Re: Huawei E220 and usb storage
• Previous by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
• Next by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]