Re: Making forward progress

From: Casey Schaufler (caseyat_private)
Date: Fri Aug 03 2001 - 07:44:46 PDT

  • Next message: jmjonesat_private: "Re: The Demise of Simple Assurance?"

    Stephen Smalley wrote:
    > As I've said, there is no new evidence here.  And as far as I know,
    > only SGI is unhappy about the status quo ...
    While statements like this go a long ways toward making
    me feel special, they don't address the issues. I understand
    that SELinux is happy with LSM as it is today. SGI is not.
    We've raised several issues, including Audit (which has been
    defered) alternative DAC mechanisms, and MAC. No one will
    be able to do any of these things* with the current scheme.
    We just happen to be the first ones here, so we're the
    ones pointing out the shortfalls. I understand that
    there is a set of schemes that can use LSM as it is now,
    and that's great. However, the fact that there are others,
    which have been identified and the LSM cannot address
    deserves better than the sort of attention it's received.
    * OKay, SElinux can do everything. I mean a native
      implementation which can satisfy and be evaluated
      at LSPP.
    Casey Schaufler				Manager, Trust Technology, SGI
    caseyat_private				voice: 650.933.1634
    casey_pat_private			Pager: 888.220.0607
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 07:40:33 PDT