Re: Making forward progress

From: Stephen Smalley (sdsat_private)
Date: Fri Aug 03 2001 - 10:24:46 PDT

  • Next message: Seth Arnold: "Re: The Demise of Simple Assurance?"

    On Fri, 3 Aug 2001 Valdis.Kletnieksat_private wrote:
    > He also said he wanted something "generic" and get rid of euid==0 and
    > all that (as one option).
    euid==0 is just the superuser tests (vs. the capabilities).  It
    doesn't refer to the ordinary DAC logic.
    > Could somebody who knows Linus better than I do ask him what he meant?
    > On the one hand, his comments *were* spurred by SELinux, and as such some
    > of us believe he meant something not TOO revolutionary.  On the other
    > hand,  what he *wrote* certainly reads (at least to some of us) as being
    > open to discussion of a more complete overhaul of the security model.
    There are at least two people on this mailing list who were present
    when Linus originally gave his feedback at the Linux Kernel Summit
    (Pete Loscocco, who gave the SELinux talk there, and Greg K-H).
    I think they will confirm that Linus wasn't talking about removing
    the ordinary DAC logic from the kernel.  Also, SGI tried this
    earlier (appealing directly to the kernel developers for support
    on the idea of moving the DAC logic), and they presumably didn't
    get much support since there was no followup here.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 10:26:33 PDT