On Mon, 5 Nov 2001, Casey Schaufler wrote:
> Crispin Cowan wrote:

> > 1. It is more invasive.
> > 2. It increases the likelihood that modules can accidentally
> >    undermine the base logic.
> > 3. It increases the likelihood that the LSM patch will introduce an
> >    error into the base kernel.
>
> It remains our opinion, based on a dozen years experience
> with similar integration issues, that these arguments are
> insignificant in the face of the extreme limitations of
> the restrictive hook scheme.

I bet your dozen years of experience haven't dealt with trying
to sneak code into Linux, though. ;)

I have to agree with Crispin that it'd be much better to get
something "easy" into the kernel first, only when the code
base has been in the kernel for a while and the other kernel
developers trust it, new features can be introduced.

It really looks like the choice LSM is facing only has two
alternatives:

1) get something simple, relatively non-intrusive included
   with the kernel
2) submit something with all bells and whistles, just to have
   certainty the thing will never be accepted

I'd say we do our best to get LSM into the kernel.

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Nov 05 2001 - 12:16:31 PST