Chris Wright wrote: >The current implementation allows the module to override other factors in >giving you permission. It does _not_ allow the module to override other >factors in denying permission. That's backwards from what we need for security! The kernel is permissive enough already. What we most desperately need is to make it more strict. This seems really fundamental. Am I missing something? P.S. I'm surprised that you call the current approach conservative. It seems the most conservative approach is to say "A LSM is only allowed to further restrict what an application can do"; this is conservative because it means that if an attack is allowed with the LSM, then it would have been allowed without the LSM, too. In other words, my suggested approach is fail-safe, whereas the current approach is fail-open. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 23:08:28 PDT