Re: Authoritative Hooks

• Previous message: Casey Schaufler: "Re: Authoritative Hooks"
• In reply to: Casey Schaufler: "Re: Authoritative Hooks"
• Next in thread: Stephen Smalley: "Re: Authoritative Hooks"
• Next in thread: Chris Wright: "Re: Authoritative Hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Casey Schaufler wrote:

>Crispin Cowan wrote:
>
>>Casey Schaufler wrote:
>>
>>>The shear cleverness of the capability+restrictive scheme
>>>is I believe its undoing. You can use it to totally circumvent
>>>the security architecure of the system. While it is fun to
>>>play with this sort of thing, I would never suggest using it
>>>for production code.
>>>
>>Hey, that's a neat come-back.  You can use it to defeat any argument
>>(regardless of merrit) and it sounds way more intellectual than "so's
>>your momma!" :-)
>>
>I'm sorry if it sounds that way. I'm trying really hard to
>come to grips with a Linux future based on restrictive hooks
>and it's not easy.
>
Casey, I hope I didn't offend. I was just making fun, and I know you 
have a serious problem to deal with.

> I had a vision this morning of copying the
>entire security architecture into capable(), with historical
>checks left in place to placate inflexible maintaners and the
>security blob pulsing like an inflated silicon based creature
>from a 1950's Ed Wood movie. The C+R scheme circumvents the
>intention of the basic design, and while that would allow
>ACLs, it does so by deceit, not design. 
>
See now I look at it in completely the opposite way. When I discover 
that an abstraction (API, programming language construct, you name it) 
can be used effectively in some way completely unanticipated by the 
designer, that just means that the abstractin is even more powerful. 
This is something to celebrate, not lament.

>Stephen has convinced me that C+R can be used to do ACLs.
>I look at what it involves, and I say that I would not
>condone such in production code. I stick by that.
>
What does it involve that's so groaty?

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html



_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: OpenWall SECURE_LINK as a LSM"
• Previous message: Casey Schaufler: "Re: Authoritative Hooks"
• In reply to: Casey Schaufler: "Re: Authoritative Hooks"
• Next in thread: Stephen Smalley: "Re: Authoritative Hooks"
• Next in thread: Chris Wright: "Re: Authoritative Hooks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 16:53:55 PST