jmjonesat_private wrote: >On Sat, 1 Sep 2001, Greg KH wrote: > >>A branch of a patch, and I thought I had heard of everything :) >>Fine, all the lsm work is opensource, and if it doesn't meet your needs >>in certain ways, feel free to change it for your own usages. Just >>respect the current license and everyone will be happy. >> >Not to 'tell tales out of school', but this is a very strong possibility, >imho, at this point. I don't know if it's a good or bad thing. > It's a neutral thing. At USENIX, Richard Offer remarked that the SGI system will apply kernel patches on top of LSM, to provide things that they absolutely need, but will use LSM because it is easier than rolling their own. >My concern, generally, is that LSM may be "too narrow" and not get >accepted into the kernel proper, or that a branch solution may get >presented simultaneously that addresses more generality. SELinux has >released a good patch to a fairly current version, and Wirex, et al, >may do so soon (we're close to the "implementable limit" for LSM for many >pre-existant security solutions.) I don't know. > >I am somewhat concerned about Linus and the KDs evaluation and how heavily >the "limitations" may weigh. Perhaps I'm way off base, but I'd feel more >comfortable being "arguably right" than being "arguably minimal." > IMHO, you're way off base. I suspect that LSM is much more in danger of being rejected as being too costly and intrusive, rather than for being too general. Look for LSM to get even more narrow after going through a cycle of negotiating with Linus. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Sep 02 2001 - 01:20:30 PDT