On Wed, Aug 06, 2008 at 12:07:57PM +0100, tvrtko.ursulin@sophos.com wrote:
quoted text
> > - Some set of requirements suddenly appears out of the void on 
> >   linux-kernel.
> 
> Because previously it was said to go away and come back with a clear list 
> of requirements. And here you make it sound like a negative thing. See 
> what I am talking about?

The list of requirements you came up with was a very low-level set of
requirements.  This is why Al Viro called it not much better than we
want a bunch of hooks here, here, and here.

What is needed is the high-level set of requirements --- which in the
case of security fixes, really needs to start with a threat model (or
threat models).  See my previous message, where I tried to help you
guys out on this.  There are scenarios such as "The Linux Desktop",
where the Clueless User may be tricked to run random binaries.  Then
there is the "The Linux Fileserver", where users may upload malware
via CIFS, NFS, et. al, but there aren't any Clueless Users to start
the malware running on said Linux Fileserver, etc.  When you do threat
analysis you need to know whether the malware is likely to have
compromised root (superuser) access or not.   Etc.

Low-level requirements are things like "this code must take the
number, multiply by it 7, and add 42".  High-level requirements answer
the question, why the heck are you trying to do this in the first
place?!?

						- Ted
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/