Re: Making forward progress

From: Crispin Cowan (crispinat_private)
Date: Mon Aug 06 2001 - 12:33:32 PDT

  • Next message: Stephen Smalley: "Re: Making forward progress"

    jmjonesat_private wrote:
    
    > On Mon, 6 Aug 2001, Seth Arnold wrote:
    > > On Mon, Aug 06, 2001 at 02:20:27PM -0400, jmjonesat_private wrote:
    > > > We're in the 0.x versions of LSM.  LSM is the "new security paradigm" for
    > > > linux, is we succeed.  We're changing things.  If you don't want to change
    > > > things, drop out now... things are GOING to change.  It's inevitable.
    > >
    > > It was my understanding that LSM was chartered to first and foremost
    > > allow existing security patches to be installed easily on generic Linux
    > > kernels shipped by the various distributions, in the form of modules.
    >
    > Actually, I think this is the most insightful and astute question to be posed
    > here in 2 or 3 months.  Kudoes, Seth Arnold.
    >
    > IF (and only if) the project is to provide a common API for multiple
    > pre-existing modules, I'm out of here (probably a boon to some).
    
    It is not a question.  Seth as just succinctly and clearly articulated the
    charter of the LSM project.  That is exactly what it has always been about.
    
    
    > My module does not pre-exist, although I am in full belief it will blow
    > everybody else out of the water.
    
    Whether your module pre-exists is a red herring.  Since the LSM API is not yet
    fixed, no modules pre-exist.
    
    The critical issue is that your security model (not module) pre-exists, and is
    within scope (access control for stage 1, audit for stage 2).  Your module will
    not be excluded just because it is new.  HOWEVER, new features and architectural
    change requests will not be accomodated to support security *models* that are not
    well understood and within scope.
    
    LSM may support good research, but the LSM API itself is not a research project.
    
    
    > > I don't think that an API design phase should be the place to perform
    > > security research. The security research should inform the API design.
    >
    > I agree, with your limitations.  What *IS* LSM about?  Should I email Linus on
    > this topic?  Should the 40 or 50 others that were misinformed so do?
    
    How about you re-read the early archives and learn what LSM has been about all
    along?  It was never ambiguous, and never was intended as a radical new security
    paradigm for Linux.  Seth's statement is just an accurate and succinct statement
    of Linus' charter.  The only major refinement that happend was the stage 1/2 plan
    to maximize the chances of both access control and audit making the cut, because
    audit was not in Linus' charter.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 12:34:39 PDT