On Fri, 3 Aug 2001, Stephen Smalley wrote:

> Back on June 12th, I posted a new LSM patch that changed many of the
> hooks to be authoritative as well as providing a number of other
> changes.

I acknowledge that Stephen Smalley was the first to propose a concrete patch that would allow authoritative.

It was proposed on June 12th and argued for 6 days.

A new patch was proposed on June 18th, with restrictive_only hooks. It was (de facto) accepted on June 19th by Chris Wright declaring "excellent". It was incorporated into the June 20th patch.

6 days for discussion of AN authoritative possibility, 2 days (probably less) for a restrictive_only revision to gain instant and relatively unreviewed acceptance.

I don't think this issue was resolved to a consensus, except between Chris Wright (WIREX/SubDomain) and Stephen Smalley (NAI/SELinux), or we wouldn't still be arguing about it. Some rushed ahead. SGI's patch was submitted at the same time and sent back to the drawing board... and then a "consensus" was rapidly declared (unofficially) and the project moved ahead on a vector that diverged from authoritative farther and farther, making any chance that SGI's "divided" patch would be accepted smaller and smaller as time goes on.

Mea Culpa: I diverted the thread with a whine about bitkeeper. It lasted about 3 days. We only had 6. WHY DID WE ONLY HAVE 6 DAYS?

After that moment, the "simple-assurance" or "we can change it later" arguments started to be applied.

Another Mea Culpa: I bought into simple-assurance as being axiomatic. It took me 6 weeks to suddenly realize it was no such thing. I immediately brought this to the list, after checking with some trusted people to see if I'd missed something (I hadn't). (Two hours' delay.)

If, as Mr. Smalley has said, this was widely known, why wasn't it discussed here when simple-assurance was being used to pummel non-restrictive hooks into the ground?

And, as far as the "we can change it later" argument... POPPYCOCK. We're 6 weeks into restrictive_only and the cost is now extremely high and there is a lot of "groan... NOT NOW... we've come so FAR!" feeling that is working against a rewrite. WE'RE STILL PRE-RELEASE... HOW'S IT GOING TO BE WHEN WE TRY TO MAKE CHANGES IN "STAGE II" or "STAGE III" WHEN THERE ARE MANY MORE PRODUCTS THAT WILL SUFFER FROM THE CHANGE?

And, as far as the "code speaks, theory doesn't" argument... more POPPYCOCK. You can build a bridge out of apples... just getting it in FIRST and saying "well, I did the work, you didn't, so APPLES must be GOOD ENOUGH" is total nonsense. Measure twice, cut once.

> --
> Stephen D. Smalley, NAI Labs
> ssmalleyat_private

Thank you (to the list) for listening to my thoughts. I realize this is a very emotionally motivated message. My teachings to my children with that are "emotions give you a first approximation, don't deny that when you're doing your intellectual assessment... running from putting your hand in the fire is probably GOOD, even though you don't stop thinking it through. THINK about it. THINK HARD."

If LSM stands for "Loadable Access Control Kernel Module" instead of "Loadable Security Module", shouldn't it be called LACKM?

I want LSM to succeed and I think it is so arguably limited at the moment it could not possibly do so.

An Emotionally Charged Opinion,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 14:47:44 PDT