On Mon, Sep 24, 2001 at 10:25:38AM -0700, Casey Schaufler wrote: > Greg KH wrote: > > > I am not proposing to change anything from what currently is required to > > do if you add a security module patch to the kernel _today_. > > Well, why do you think I want to have a loadable module? > So I don't have to do a security module patch, and so > that no one has to do a security module patch. The whole > point of this exercise to to change the current state of > affairs, where everyone has to go off and do their own > security patch. If you are proposing the status quo, why > should anybody be doing anything? The LSM patch is to allow you to create a kernel module that keeps you from having to keep a kernel patch along with your module. It would allow users to easily pick and choose different security models if they wish. It would reduce effort by multiple people around the world that constantly have to update their kernel patch right now for every new kernel. It also would bring the usage of different security models to a wider range of people. All of these things were listed in Linus's original goals for the project if you look in the archives of the mailing list. What wasn't mentioned was the fact that this would allow people to write closed source security modules for Linux. I was just trying to explicitly forbid this as I realized that this might be a nasty side effect of us having the LSM patch in the kernel (see my previous comments about closed source security kernel modules.) thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 10:41:49 PDT