How inaccurate are the following summaries?

Dr. Cowen: the smaller the changes to the original kernel code the better, unless ABSOLUTELY necessary. The idea of "breaking capabilities" out, maybe discarding them altogether.

Professor/Dr. Wagner: There are ways to build "smart logic" into the kernel to flip between options (I think, you're over my head here... jmj)

Stephen Smalley: The minimal invasive hook is to let the kernel have its way, then potentially override it with the module, but capabilities have to stay for political reasons.

Chris Wright: How do we do this in ACTUAL code, I *think* leaning toward Mr. (Dr?) Smalley's method.

JMJONES: Move as much to the module as necessary, but no more. Leave the maximum number of options in the interface. Create a structure that allows the most variation in module strategy starting from HERE.

Greg K-H: Hahahahaha (probably the smartest of us all (^_^)(jmj)).

Matt B: Move it ALL to the module, rip it out of the kernel.

Titus: Move it ALL to the module, rip it out of the kernel. Take the "hit points" now.

Jesse Pollard: Move as much security as is possible out of the kernel, share the original security if desired.

Casey Shaufler: Move a lot to the module, but don't interfere with or discount capabilities, since permissive is inherent in his/her MASTER PLAN.

I apologize to any I got "dead wrong", but could we reduce the argument to a statement of 25 words or less for each position, then move from there?

Also, I know the above list puts me in the "center"... personal privilege, for now.

I'm "on hold" with my modules, and "anything" is beginning to rise in the ranks of solution(s) here. I don't want to move forward then have to "trash" a lot of code.

Thanks,
Geoff

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 09:34:31 PDT