On Fri, 3 Aug 2001, Crispin Cowan wrote:

> Valdis.Kletnieksat_private wrote:
>
> > On Fri, 03 Aug 2001 12:25:40 EDT, Stephen Smalley said:
> > > NFSv4 seems clearly out of scope for LSM.
> > Umm... "clearly"?
> >
> > Are you prepared to tell the customers down the road "You can use NFSv4, or
> > you can use LSM, but you can't get LSM support for securing NFSv4 because the
> > LSM folks thought NFSv4 was clearly out of scope?"
> >
> > If NFSv4 is *clearly* out of scope, I'll propose that the networking hooks
> > are out of scope too. After all, anybody who cares about security doesn't
> > hook their boxes up to the wire, right? ;)
>
> Can someone summarize the alleged scary boodjum of NFSv4? I'm not familiar
> with it, and don't know what the implications of it are that LSM would have to
> care about.

I've only read RFC 3010, so my understanding is sketchy...

RFC 3010 seems to specify in great detail support for Access Control, ACL,
and (imho) almost every other possible security model. I don't know if it
will "trickle down" to other fs's, thereby endangering LSM, but it's pretty
good reading.

It's probably a "software-life-cycle" away from us right now... and
implementation and general acceptance are still questionable, but reading it
and thinking about how it MIGHT affect LSM is probably not wasted time.
(Suggest a good beer and about 2 hours as being necessary.)

>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
> Available for purchase: http://wirex.com/Products/Immunix/purchase.html

Not Meant to Prevent a Summary (I'd love that),
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 17:54:36 PDT