On Wed, 7 Nov 2001, Casey Schaufler wrote: > I'll pass on information should I receive any. Thanks. Since this is more our "area", any data is appreciated. > Sure, but so does Abba. (Political Retort. Meant in fun. Abba is > a Swedish vocal group from the disco era) Actually, I like ABBA very much. :) I miss the 70s. :) Herein, though, I'm convinced that the whole "thrust" of LSM has been to provide a common module interface to a limitted number of projects that are only really interested in Access-Restriction... no more than ABBA was the "final solution for MUSIC." I also believe that this was never clearly stated, but, rather, it has been IMPLIED by the decisions made about inclusion/exclusion. My recent questions about the definition of "Access Control" have been aimed at defining it locally. What I get are references to general AC documents which are not totally, but ARE partially, addressed by the LSM patch. LSM is access-restrictive, relative to the Linux Kernel's pre-existing access control methods... not a bad thing, but not what I expected from a General Purpose Security Interface. My mistake. I also think it's important for LSM to narrow its "field of interest" for the SALE for kernel inclusion. Argue what you actually DO, not some political position you exposited to open the field for help from Open Software sources. I also think it would be much more salable if it just claimed what it does: access-restriction in the context of currently imposed security. It's not a bad or embarassing thing. Argue anything else, and LSM opens itself to questions it can not answer... some of which you have stated. The advantage will be to other projects, possibly like that one stated, which pursue other functionality. So far, the LSM patch does NOT inhibit OUR solution, and in some ways it actually benefits it. I'm very concerned that the idea of the "S" in LSM being interpretted as "TOTAL SECURITY" may work counter other solutions in the Linux community. Statement of Belief: LSM provides a solid subset solution for Linux Security, but it is NOT a "general purpose security solution" for Linux. Nevertheless, it's a step forward. Greg K-H has stated something similar to this before. I still hope it gets accepted, since one of our considerations for our patch-application is that it should be possible to load an LSM module and STILL benefit from our solution, and we're trying to avoid duplication. Sincerely, J. Melvin Jones > > -- > > Casey Schaufler Manager, Trust Technology, SGI > caseyat_private voice: 650.933.1634 > casey_pat_private Pager: 888.220.0607 > |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 14:01:34 PST