On Tue, 31 Jul 2001, richard offer wrote:

> I thought we agreed to not call it MAC/DAC sequence, but module/in-kernel
> sequence :-)

I think we did, but only to a certain extent. I saw the consensus/agreement as being to consider in-kernel checks as a finite element, and in-module checks as a separate element. Where these two considerations are indivisible, I'd thought we had given "preference" to in-kernel checks.

>
> I thought that being fully authoritative using a single hook implied moving
> current kernel logic out into a module. There would be no issues with
> module/in-kernel sequence since there would be no in-kernel.

"Fully Authoritative" vs. "Simply Authoritative". I don't think moving logic OUT of the kernel in order to reproduce it in the modules was ever something agreed upon. I may be wrong.

Not that I think this is a bad idea, largely, but I think it has been "argued down" for many reasons. Even eliminating the "simple-assurance" argument, there is the issue of "kernel invasion". Do you have a response to that argument?

>
> Of course I'm probably wrong.
>

Not necessarily, but you need to prove you're right, imho.

> *
> * Crispin
>
> richard.
>
> -----------------------------------------------------------------------
> Richard Offer Technical Lead, Trust Technology, SGI
> "Specialization is for insects"
> _______________________________________________________________________
>

J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module