Re: Making forward progress

• Previous message: Crispin Cowan: "Re: Making forward progress"
• In reply to: jmjonesat_private: "Re: Making forward progress"
• Next in thread: Seth Arnold: "Re: Making forward progress"
• Next in thread: Stephen Smalley: "Re: Making forward progress"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jmjonesat_private wrote:

> On Mon, 6 Aug 2001, Crispin Cowan wrote:
> > I think it would be the right thing to do if this were Linux 0.6, and we were
> > designing the security implementation for a new kernel.  I agree that it is
> > the right design.  My main objection is that it is not the design used for
> > Linux, and an attempt to impose this design on the existing code will succeed
> > about as well as an organ transplant to a human from a turnip.
>
> We're in the 0.x versions of LSM.  LSM is the "new security paradigm" for
> linux, is we succeed.  We're changing things.  If you don't want to change
> things, drop out now... things are GOING to change.  It's inevitable.

No it is not.  If that's what we try to sell Linus, it will bounce.  This is the
pragmatic teensy weensy hook project that enables new security paradigms (that
aren't really all that new :-) to live in the classical Linux model.  To succeed,
we have to be as non-disruptive as possible.


> I agree, things have gone wrong, but LSM can fix this, and it can do it
> WITHOUT breaking other strategies toward security.  I admin being naive...

Yup.  "I know; lets just re-write everything the right way!" is a typical security
reaction to the way the rest of the world does things, and it never succeeds.  The
non-security way the rest of the world does things is never secure, but it does
succeed.  Security is not a high priority for most people; you do the math.

For us to succeed, we must be as unobtrusive as possible.  Ripping the guts out of
the Linux kernel and putting them back upside down just doesn't qualify :-)

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html




_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Seth Arnold: "Re: Making forward progress"
• Previous message: Crispin Cowan: "Re: Making forward progress"
• In reply to: jmjonesat_private: "Re: Making forward progress"
• Next in thread: Seth Arnold: "Re: Making forward progress"
• Next in thread: Stephen Smalley: "Re: Making forward progress"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:45:35 PDT