login
Header Space

 
 

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Crispin Cowan <crispin@...>
Cc: Alan Cox <alan@...>, Ray Lee <ray-lk@...>, Chris Wright <chrisw@...>, Casey Schaufler <casey@...>, Adrian Bunk <bunk@...>, Simon Arlott <simon@...>, <linux-kernel@...>, <linux-security-module@...>, Jan Engelhardt <jengelh@...>, Linus Torvalds <torvalds@...>, Andreas Gruenbacher <agruen@...>, Thomas Fricaccia <thomas_fricacci@...>, Jeremy Fitzhardinge <jeremy@...>, James Morris <jmorris@...>, Giacomo Catenazzi <cate@...>
Date: Monday, October 29, 2007 - 1:12 am

On Sun, 28 Oct 2007 15:08:56 -0700
Crispin Cowan <crispin@crispincowan.com> wrote:


exactly; this is why I've been pushing recently for each new LSM to at
least document and make explicit what it tries to protect / protect
against (threat model and defense model in traditional security terms).
Without such an explicit description it's both impossible to
"neutrally" review a proposed LSM towards its goals, and it ends up as
a result with people making assumptions and attacking the model because
there's no separation between code and model.

 

again I agree pretty much; I do want to reserve some minimum "common
sense" bar because people may (and probably will) do silly things withs
LSMs that are really not the right thing to do objectively.


-- 
If you want to reach me at my work email, use arjan@linux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 10:18 pm)
Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 9:12 pm)
Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 4:26 pm)
Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 5:07 pm)
Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 4:40 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 7:05 am)
Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 6:57 pm)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:09 am)
Re: LSM conversion to static interface [revert patch], James Morris, (Tue Oct 23, 12:56 am)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:57 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 1:16 am)
Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 8:31 pm)
Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Wed Oct 24, 1:06 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 2:51 pm)
Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 3:25 pm)
Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 8:29 pm)
Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 9:11 am)
Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 11:30 am)
Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 9:19 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 5:25 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 8:01 am)
Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 10:37 am)
Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 12:55 pm)
Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 10:59 am)
Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 1:31 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:23 pm)
Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 3:42 pm)
Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 4:46 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Thu Oct 25, 5:19 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Tue Oct 30, 5:41 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Mon Oct 29, 1:12 am)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:37 pm)
Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Wed Oct 24, 10:19 pm)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 8:32 pm)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:10 am)
Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:13 am)
Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 6:59 pm)
Re: LSM conversion to static interface, Giacomo Catenazzi, (Tue Oct 23, 1:44 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 4:55 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:20 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 11:28 am)
Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:34 am)
Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 5:14 am)
Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:18 am)
speck-geostationary