On Mon, 6 Aug 2001, Crispin Cowan wrote: > jmjonesat_private wrote: > > > On Mon, 6 Aug 2001, Crispin Cowan wrote: > > > > 1) make hooks authoritative, > > > Not yet. I'm still waiting to hear whether the promised advantages are > > > real or not. In particular, I want to know whether Smalley's style of > > > authoritative hooks (DAC-in, DAC-first, send DAC result to module as a > > > parameter, and let the module make the final decision) actually improves > > > SGI's situation. Richard? > > > > Riddle me this: how are they NOT real? They allow me to build a module > > that does things differently than the 6 or 7 pre-existing security > > projects, but don't inhibit ANY of them from doing what they desire: > > proving that they can't grant permission when another model (even > > in-kernel) denies. > > The "old" benefits (can do more hypothetical stuff) we're aware of, but > decided weren't worth the cost (benefits of simple assurance). The > "new" benefits are that they may ease the tension between the DAC-firs > people and the MAC-first people. That is the key. > Simple-assurance isn't either simple or (particulary) assuring. If you insist, I'll publish an exploit, I'd be happy to, although I would rather not since I'd rather not give code to the "enemy". And continuing restrictive_only "eases" the DAC-first people? SGI? I don't think so. > > > > > 2) DON'T buy-in the DAC-OUT yet, but keep an open mind, > > > > > > Sorry, my mind is close on this issue :-) > > > > I'm very sorry to hear this. I've always advocated you as having an open > > mind, and I don't think there's clear, irrefutable proof to the contrary, > > at this point. > > "open minded" means not judging issues you don't yet have evidence for. > We (WireX) considered it, and gathered tons of evidence that DAC-out is > an impractical idea. Others who went and looked seemed to come to > similar conclusions. I'm tired of discussing it. It has no chance of > ever succeeding, so we're wasting our time considering it. I don't agree with this. Possibly, I haven't "worn myself out" on the search. "Open Minded", to me, means "willing to accept the current literature until it is challenged intellectually or paradigmatically", and when it is possible to evaluate other ideas with equal weight. Furthermore "if current literature bends one way and I can produce a solution that bends another, it will be accepted by many and evaluated." Simply put: "it's how we move forward." I'm no PhD, therefore, I probably wasn't indoctrinated adequately into this thinking, but I *DO* have questions about its validity (suggest your answer may be useful in a FAQ for subdomain or LSM). I'd hope I'd be "corrected" with specific arguements rather than "I'm tired"... > > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Scientist, WireX Communications, Inc. http://wirex.com > Security Hardened Linux Distribution: http://immunix.org > Available for purchase: http://wirex.com/Products/Immunix/purchase.html > J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:59:39 PDT