Re: [RFC] 2.4.11-pre4 patch

From: Greg KH (gregat_private)
Date: Fri Oct 05 2001 - 16:51:18 PDT


    On Fri, Oct 05, 2001 at 04:40:43PM -0700, Casey Schaufler wrote:
    > We have successfully refuted the arguments that restrictive
    > hooks coupled with whacked capabilities is sufficient. No
    > one has proposed a resolution for the MAC/DAC ordering issue
    > which does not involve authoritative hooks. You assert that
    > restrictive hooks will be easier to sell than authoritative
    > even though they are known to be insufficient for POSIX ACLs
    > and NFSv4.
    
    The MAC/DAC ordering seems to be resolved (i.e. WireX hasn't complained,
    and they were the only ones that seemed to mind in the first place.)
    
    I don't remember that proof (about ACLs and NFSv4), but even if that is
    so, the kernel does not currently _have_ either POSIX ACL, or NFSv4, let
    alone versions of those subsystems that are going to use the LSM
    interface.
    
    Let's cross that bridge when we come to it.
    
    thanks,
    
    greg k-h
    