Re: Making forward progress

From: Valdis.Kletnieksat_private
Date: Fri Aug 03 2001 - 10:08:33 PDT


    On Fri, 03 Aug 2001 12:58:44 EDT, Stephen Smalley said:
    
    > Again, euid==0 vs. capabilities is NOT the same as the DAC logic.
    > It relates to the ability to move the capabilities implementation
    > out of the base kernel and make it optional, with the alternative
    > being the traditional superuser tests.  That is exactly what LSM
    > is doing.  
    > 
    > Keep in mind that Linus' comments were a response to the
    > presentation of SELinux at the Linux Kernel Summit.  The
    > focus was on adding support for implementing additional access
    > control schemes like MLS, TE, and RBAC, not on replacing the base 
    > DAC logic.
    
    He also said he wanted something "generic" and to get rid of euid==0 and
    all that (as one option).
    
    Could somebody who knows Linus better than I do ask him what he meant?
    On the one hand, his comments *were* spurred by SELinux, and as such some
    of us believe he meant something not TOO revolutionary.  On the other
    hand, what he *wrote* certainly reads (at least to some of us) as being
    open to discussion of a more complete overhaul of the security model.
    
    -- 
    				Valdis Kletnieks
    				Operating Systems Analyst
    				Virginia Tech
    
    
    
    
