Re: Making forward progress

From: jmjonesat_private
Date: Mon Aug 06 2001 - 11:20:27 PDT

  • Next message: richard offer: "Re: Problems with some of the current hooks"

    On Mon, 6 Aug 2001, Crispin Cowan wrote:
    > richard offer wrote:
    > > * frm crispinat_private "08/06/01 10:43:46 -0700" | sed '1,$s/^/* /'
    > > * I think Richard Offer had it right when he suggested thinking about
    > > * DAC-out for Linux 3.0.
    > >
    > > I was being facetious.
    > Oh :-(
    > > I still believe its the right thing to do now, that doesn't mean I think it
    > > will be done.
    > I think it would be the right thing to do if this were Linux 0.6, and we were
    > designing the security implementation for a new kernel.  I agree that it is
    > the right design.  My main objection is that it is not the design used for
    > Linux, and an attempt to impose this design on the existing code will succeed
    > about as well as an organ transplant to a human from a turnip.
    We're in the 0.x versions of LSM.  LSM is the "new security paradigm" for
    linux, is we succeed.  We're changing things.  If you don't want to change
    things, drop out now... things are GOING to change.  It's inevitable. 
    I agree, things have gone wrong, but LSM can fix this, and it can do it
    WITHOUT breaking other strategies toward security.  I admin being naive... 
    in essence, I saw LSM as being a "branch" in the forward development of
    Linux that might allow security where there previously was none. 
    My mistake?  
    J. Melvin Jones
    > But if you step out to the 3.0 time frame, and start lobbying for it in the
    > main linux kernel community shortly after LSM has been accepted and is a great
    > success :-) then it might have a chance of finding an audience.
    Okay, an argument for "future development being appropriate, current not
    being"... more info?
    > Crispin
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc.
    > Security Hardened Linux Distribution:
    > Available for purchase:
    > _______________________________________________
    > linux-security-module mailing list
    > linux-security-moduleat_private
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:21:41 PDT