Re: Making forward progress

From: jmjonesat_private
Date: Fri Aug 03 2001 - 17:53:11 PDT

  • Next message: Crispin Cowan: "NFSv4 (was: Making forward progress)"

    On Fri, 3 Aug 2001, Crispin Cowan wrote:
    > Valdis.Kletnieksat_private wrote:
    > > On Fri, 03 Aug 2001 12:25:40 EDT, Stephen Smalley said:
    > > > NFSv4 seems clearly out of scope for LSM.
    > > Umm... "clearly"?
    > >
    > > Are you prepared to tell the customers down the road "You can use NFSv4, or
    > > you can use LSM, but you can't get LSM support for securing NFSv4 because the
    > > LSM folks thought NFSv4 was clearly out of scope?"
    > >
    > > If NFSv4 is *clearly* out of scope, I'll propose that the networking hooks
    > > are out of scope too.  After all, anybody who cares about security doesn't
    > > hook their boxes up to the wire, right? ;)
    > Can someone summarize the alleged scary boodjum of NFSv4?  I'm not familiar
    > with it, and don't know what the implications of it are that LSM would have to
    > care about.
    I've only read RFC 3010, so my understanding is sketchy...
    RFC 3010 seems to specify in great detail support for Access Control, ACL,
    and (imho) almost every other possible security model.
    I don't know if it will "trickle down" to other fs's, thereby endangering
    LSM, but it's pretty good reading.  It's probably a "software-life-cycle" 
    away from us right now... and implementation and general acceptance are
    still questionable, but reading it and thinking about how it MIGHT affect
    LSM is probably not wasted time.
    (Suggest a good beer and about 2 hours as being necessary.)
    > Crispin
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc.
    > Security Hardened Linux Distribution:
    > Available for purchase:
    Not Meant to Prevent a Summary (I'd love that),
    J. Melvin Jones
    ||  J. MELVIN JONES            jmjonesat_private 
    ||  Microcomputer Systems Consultant  
    ||  Software Developer
    ||  Web Site Design, Hosting, and Administration
    ||  Network and Systems Administration
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 17:54:36 PDT