On Fri, 3 Aug 2001 Valdis.Kletnieksat_private wrote: > He also said he wanted something "generic" and get rid of euid==0 and > all that (as one option). euid==0 is just the superuser tests (vs. the capabilities). It doesn't refer to the ordinary DAC logic. > Could somebody who knows Linus better than I do ask him what he meant? > On the one hand, his comments *were* spurred by SELinux, and as such some > of us believe he meant something not TOO revolutionary. On the other > hand, what he *wrote* certainly reads (at least to some of us) as being > open to discussion of a more complete overhaul of the security model. There are at least two people on this mailing list who were present when Linus originally gave his feedback at the Linux Kernel Summit (Pete Loscocco, who gave the SELinux talk there, and Greg K-H). I think they will confirm that Linus wasn't talking about removing the ordinary DAC logic from the kernel. Also, SGI tried this earlier (appealing directly to the kernel developers for support on the idea of moving the DAC logic), and they presumably didn't get much support since there was no followup here. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 10:26:33 PDT