Stephen Smalley wrote: > On Mon, 4 Jun 2001, Casey Schaufler wrote: > > No. This is wrong thinking. Every commercial security effort > > has tried the "first do no harm" approach, and the results > > have been universally atrocious. > > People are likely to whine more about changes that have no > perceived value, especially if they are pervasive > and significant. I suspect that moving the base Linux > access control logic out of the kernel has little or no > perceived value to the Linux kernel developers. I tend to agree with Smalley here: regardless of the merrits of the argument, if LSM is a massive change to the way the kernel works, it will likely be rejected, and all this effort is for naught. I am also as concerned as Smalley that such a massive change could be made correctly in a timely fashion. If we were designing a new (micro)kernel, then the considerations would be very different. But we're trying to do surgery on a living thing, so we have to try to make the smallest incisions possible. As a result, I would only vote for the "move EVERYTHING to the modules" option (whatever it's number :-) if it can be shown to be absolutely necessary. I'd rather look for another way to get most of what we want. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com//Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 17:27:29 PDT