Re: The Demise of Simple Assurance?

From: richard offer (offerat_private)
Date: Wed Aug 01 2001 - 15:20:08 PDT

  • Next message: jmjonesat_private: "Re: The Demise of Simple Assurance?"

    * frm crispinat_private "08/01/01 13:10:11 -0700" | sed '1,$s/^/* /'
    * I perceive the community as currently split on tha authoritative question.
    *    * Still want restrictive-only hooks:  Crispin, Greg, and David Wagner
    *    * Want authoritative hooks:  Valdis, Richard Offer, JMJ
    * Much of the motive to yield the simple assurance property is the big pile
    * of stuff that allegedly improves if we go to authoritative hooks.
    * However, I posted a bunch of issues with those alleged benefits last
    * night, and I'm still waiting to hear back from SGI as to whether
    * authoritative hooks (*without* moving the kernel's DAC logic into a
    * module) make things better for them.  If not, we're back to square one.
    I'm not sure I saw the issues, I have been distracted this week with trying
    to get the code working on IA64, so I may have missed it buried amongst the
    other discussions.
    I'll go back and try to dig them out.
    * Crispin
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 15:21:36 PDT