Re: quotactl hook

From: Crispin Cowan (crispinat_private)
Date: Sun Sep 02 2001 - 01:18:39 PDT

  • Next message: Greg KH: "Re: quotactl hook"

    jmjonesat_private wrote:
    
    >On Sat, 1 Sep 2001, Greg KH wrote:
    >
    >>A branch of a patch, and I thought I had heard of everything :)
    >>Fine, all the lsm work is opensource, and if it doesn't meet your needs
    >>in certain ways, feel free to change it for your own usages.  Just
    >>respect the current license and everyone will be happy.
    >>
    >Not to 'tell tales out of school', but this is a very strong possibility,
    >imho, at this point.  I don't know if it's a good or bad thing.
    >
    It's a neutral thing.  At USENIX, Richard Offer remarked that the SGI 
    system will apply kernel patches on top of LSM, to provide things that 
    they absolutely need, but will use LSM because it is easier than rolling 
    their own.
    
    >My concern, generally, is that LSM may be "too narrow" and not get
    >accepted into the kernel proper, or that a branch solution may get
    >presented simultaneously that addresses more generality. SELinux has
    >released a good patch to a fairly current version, and Wirex, et al,
    >may do so soon (we're close to the "implementable limit" for LSM for many
    >pre-existant security solutions.)  I don't know. 
    >
    >I am somewhat concerned about Linus and the KDs evaluation and how heavily
    >the "limitations" may weigh.  Perhaps I'm way off base, but I'd feel more
    >comfortable being "arguably right" than being "arguably minimal."
    >
    IMHO, you're way off base. I suspect that LSM is much more in danger of 
    being rejected as being too costly and intrusive, rather than for being 
    too general.  Look for LSM to get even more narrow after going through a 
    cycle of negotiating with Linus.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Sun Sep 02 2001 - 01:20:30 PDT