Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Ray Lee <ray-lk@...>
Cc: Bernd Petrovitsch <bernd@...>, Chris Wright <chrisw@...>, Casey Schaufler <casey@...>, Adrian Bunk <bunk@...>, Simon Arlott <simon@...>, <linux-kernel@...>, <linux-security-module@...>, Jan Engelhardt <jengelh@...>, Linus Torvalds <torvalds@...>, Andreas Gruenbacher <agruen@...>, Thomas Fricaccia <thomas_fricacci@...>, Jeremy Fitzhardinge <jeremy@...>, James Morris <jmorris@...>, Crispin Cowan <crispin@...>, Giacomo Catenazzi <cate@...>, Alan Cox <alan@...>
Date: Thursday, October 25, 2007 - 1:10 pm

On Thu, 25 Oct 2007 09:04:57 -0700
"Ray Lee" <ray-lk@madrabbit.org> wrote:



I absolutely agree it's a layer game.
HOWEVER, even in a layer game we need to have each layer to be
reasonably solid and not just fake security ("snakeoil").

So while I think it is entirely fair to judge a piece of software
against what it intends/claims to do, because other pieces in the layer
game will depend on it to function reasonably well. 

So most of the LSM fist-fights have been about disagreement of the
intent; and some about code not living up to its own intend, all mixed
up. Arguing about the intent is less productive imo (as long as it's at
least somewhat reasonable, intend like "I want to add rootkits" doesn't
count obviously), paying attention to check if the code lives up to its
stated intent/purpose on the other hand is immensely useful and needed;
for a given implementation it may mean reducing the scope of the intent
if the implementation just doesn't go as wide as originally thought, or
fixing some issues in the implementation to live up to the intent.
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 10:18 pm)
Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 9:12 pm)
Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 4:26 pm)
Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 5:07 pm)
Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 4:40 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 7:05 am)
Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 6:57 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:09 am)
Re: LSM conversion to static interface [revert patch], James Morris, (Tue Oct 23, 12:56 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:57 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 1:16 am)
Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 8:31 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Wed Oct 24, 1:06 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 2:51 pm)
Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 3:25 pm)
Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 8:29 pm)
Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 9:11 am)
Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 11:30 am)
Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 9:19 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 5:25 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 8:01 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 10:37 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 12:55 pm)
Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 10:59 am)
Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 1:31 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:23 pm)
Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 3:42 pm)
Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 4:46 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Thu Oct 25, 5:19 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Tue Oct 30, 5:41 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Thu Oct 25, 1:10 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:37 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Wed Oct 24, 10:19 pm)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 8:32 pm)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:10 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 6:59 pm)
Re: LSM conversion to static interface, Giacomo Catenazzi, (Tue Oct 23, 1:44 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 4:55 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:20 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 11:28 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:34 am)
Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:18 am)