On Fri, Oct 26, 2001 at 11:56:41AM -0400, Stephen Smalley wrote: > > And now, for a non-technical comment, when the LSM patch is submitted to > the kernel developers for consideration into 2.5, we will need to be able > to provide evidence that the changes made by LSM are needed by real > security modules. I would expect even greater need for concrete justification > for the kinds of changes made by the authoritative hooks patch, since it > is more invasive and increases the likelihood that a security module may > accidentally open a vulnerability in the base logic. For the current LSM > patch, we have concrete open source examples such as the capabilities > module, the SELinux module and the DTE module (and more underway by the > IBM folks, right?). For authoritative hooks, we currently have nothing. > And I don't think a trivial example module would be helpful - we need > a real security module that is open source that demonstrates the need for > these additional changes. I don't think that the kernel developers will > be swayed by hand waving about unreleased or closed source security > modules. Thanks for bringing this up Stephen, I totally agree. greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 09:17:29 PDT