jmjonesat_private wrote: > MY attempt is to discuss various strategies and how they're supported... > or unsupported, in the LSM interface... not to specifically argue against > any strategy, just to argue that it implies other strategies that might > also be relevant. We all understand that excluding permissive hooks excludes certain defensive strategies. An explicit decision has been made to exclude those hooks and those strategies anyway for phase 1. This decision was made advisedly, aware of both the costs (precluded strategies such as honeypots) and benefits (simple assurance property, easier acceptance in the mainline kernel) and with a compromise built in (support for the Capabilities hooks). There is no need to keep reminding us :-) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 22:42:18 PDT