RE: Making forward progress

From: jmjonesat_private
Date: Fri Aug 03 2001 - 14:45:52 PDT

  • Next message: Greg KH: "Re: Making forward progress"

    On Fri, 3 Aug 2001, Stephen Smalley wrote:
    > Back on June 12th, I posted a new LSM patch that changed many of the
    > hooks to be authoritative as well as providing a number of other
    > changes.  
    I acknowlege that Stephen Smalley was the first to propose a concrete 
    patch that would allow authoritative.
    It was proposed on June 12th and argued for 6 days.
    A new patch was proposed on June 18th, with restrictive_only hooks.
    It was (de facto) accepted on June 19th by Chris Wright declaring
    It was incorporated into the June 20th patch.
    6 days for discussion of AN authoritative possibility, 2 days (probably
    less) for a restrictive_only revision to gain instant and relatively
    unreviewed acceptance.
    I don't think this issue was resolved to a consensus, except between Chris
    Wright (WIREX/SubDomain) and Stephen Smalley (NAI/SELinux), or we wouldn't
    still be arguing about it.
    Some rushed ahead.  SGI's patch was submitted at the same time and sent
    back to the drawing board... and then a "consensus" was rapidly declared
    (unofficially) and the project moved ahead on a vector that diverged from
    authoritative farther and farther, making any chance that SGI's "divided"
    patch would be accepted smaller and smaller as time goes on.
    Mia Culpa: I diverted the thread with a whine about bitkeeper. It lasted
    about 3 days.  We only had 6.  WHY DID WE ONLY HAVE 6 DAYS? 
    After that moment, the "simple-assurance" or "we can change it later"
    arguments started to be applied.  Another Mia Culpa: I bought into
    simple-assurance as being axiomatic.  It took me 6 weeks to suddenly
    realize it was no such thing.
    I immediately brought this to the list, after checking with some trusted
    people to see if I'd missed something (I hadn't).  (Two hours' delay.) If,
    as Mr. Smalley has said, this was widely known, why wasn't it discussed
    here when simple-assurance was being used to pummel non-restrictive hooks
    into the ground? 
    And, as far as the "we can change it later" argument... POPPYCOCK.  We're
    6 weeks into restrictive_only and the cost is now extremely high and there
    is a lot of "groan... NOT NOW... we've come so FAR!" feeling that is
    working against a rewrite.  WE'RE STILL PRE-RELEASE... HOW'S IT GOING TO
    And, as far as the "code speaks, theory doesn't" argument... more
    POPPYCOCK.  You can build a bridge out of apples... just getting it in
    FIRST and saying "well, I did the work, you didn't, so APPLES must be GOOD
    ENOUGH" is total nonsense.  Measure twice, cut once.
    > --
    > Stephen D. Smalley, NAI Labs
    > ssmalleyat_private
    Thank you (to the list) for listening to my thoughts.  I realize this is a
    very emotionally motivated message.  My teachings to my children with that
    are "emotions give you a first approximation, don't deny that when you're
    doing your intellectual assessment... running from putting your hand in
    the fire is probably GOOD, even though you don't stop thinking it through.
    THINK about it.  THINK HARD." 
    If LSM stands for "Loadable Access Control Kernel Module" instead of
    "Loadable Security Module", shouldn't it be called LACKM?  I want LSM to
    succeed and I think it is so arguably limitted at the moment it could not
    possibly do so.
    An Emotionally Charged Opinion,
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 14:47:44 PDT