Next message: jmjonesat_private: "Re: The Demise of Simple Assurance?"
�Stephen Smalley wrote:
> As I've said, there is no new evidence here. And as far as I know,
> only SGI is unhappy about the status quo ...
While statements like this go a long ways toward making
me feel special, they don't address the issues. I understand
that SELinux is happy with LSM as it is today. SGI is not.
We've raised several issues, including Audit (which has been
defered) alternative DAC mechanisms, and MAC. No one will
be able to do any of these things* with the current scheme.
We just happen to be the first ones here, so we're the
ones pointing out the shortfalls. I understand that
there is a set of schemes that can use LSM as it is now,
and that's great. However, the fact that there are others,
which have been identified and the LSM cannot address
deserves better than the sort of attention it's received.
--
* OKay, SElinux can do everything. I mean a native
implementation which can satisfy and be evaluated
at LSPP.
Casey Schaufler Manager, Trust Technology, SGI
caseyat_private voice: 650.933.1634
casey_pat_private Pager: 888.220.0607
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30
: Fri Aug 03 2001 - 07:40:33 PDT