Re: LSM conversion to static interface

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: Andreas Gruenbacher
Date: Friday, October 19, 2007 - 1:26 pm

On Thursday 18 October 2007 04:18, Linus Torvalds wrote:

The patch doesn't hurt AppArmor, but it's still a step in the wrong direction.

Quoting from commit 20510f2f (Convert LSM into a static interface):

This is idiotic. Just because there is no safe way to unload SELinux

 - doesn't mean there is no safe way to unload other LSMs: if nothing
   but that, unloading is handy during development.

 - doesn't mean that module *loading* is unsafe. The patch removes module
   loading as well, which hurts more than removing module unloading.

LSM can be abused ... so what, this doesn't mean the interface is bad. Non-LSM 
loadable modules have been known to do lots of bad things, and yet nobody 
made them non-loadable either (yet).


Non-trivial modules (i.e., practically everything beyond capabilities) become 
effective only after loading policy, anyway. If you can load policy, you can 
as well first load a security module without making the system insecure.

Thanks,
Andreas
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 7:18 pm)
Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 1:26 pm)
Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 1:40 pm)
Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 2:07 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 4:05 am)
Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 3:57 pm)
Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 3:59 pm)
Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 6:12 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Mon Oct 22, 9:09 pm)
Re: LSM conversion to static interface [revert patch], James Morris, (Mon Oct 22, 9:56 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Mon Oct 22, 9:57 pm)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Mon Oct 22, 10:16 pm)
Re: LSM conversion to static interface, Giacomo Catenazzi, (Mon Oct 22, 10:44 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 1:55 am)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 2:10 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 2:13 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 2:13 am)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 2:14 am)
Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 2:14 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 2:18 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 8:20 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 8:28 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 8:34 am)
Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 5:31 pm)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:32 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 10:06 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion ..., Bernd Petrovitsch, (Thu Oct 25, 2:19 am)
Re: LSM conversion to static interface, Valdis.Kletnieks, (Thu Oct 25, 3:23 am)
Re: Linux Security *Module* Framework (Was: LSM conversion ..., Arjan van de Ven, (Thu Oct 25, 10:10 am)
Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 10:31 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 2:25 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 5:01 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 7:37 am)
Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 7:59 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 9:55 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 11:51 am)
Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 12:25 pm)
Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 12:42 pm)
Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 1:46 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion ..., Arjan van de Ven, (Sun Oct 28, 10:12 pm)
Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 5:29 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion ..., Bernd Petrovitsch, (Tue Oct 30, 2:41 am)
Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 6:11 am)
Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 6:19 am)
Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 8:30 am)