On Fri, 22 Mar 2002, Jesse Pollard wrote: > jmjonesat_private: > > > > Has anybody written a paper, or a list, or a set of notes that respond to > > the following question, yet? > > > > " > > Since secure-systems are a minority of installed systems, and the LSM code > > works exceptionally well with a common-patch, why should this patch enter > > into the "official" code tree for Linux and not simply track it as a > > shared resource for secure-system developers, developed outside the 'stock > > kernel' tree? > > " > > > > Risking My Unpopularity > > To Ask a Question Early, > > That Will CERTAINLY Be Asked Eventually, > > Hopefully to get some REALLY GOOD REASONS (RGR's), > > J. Melvin Jones > > > > P.S. -- I'm an easily beaten "gat-fly". :) > > How about: > > One reason secure systems are a minority is that the administrators and users > are not aware that higher levels of security are even possible. GREAT! Interchangable modules WILL allow more administrators to apply secure solutions without recompiling the kernel... depending on how easy it is to aquire modules. :) Couldn't a "standard patch" equally serve this need? "5 steps to greater security." Would the difficulty in patching the kernel outweigh the difficulty of configuring the module/solution? > > In many cases, they may hear of "trusted computing" or perhaps even "orange > book B1" (or the new buzphrase "trustworty computing"). But without an example > of one it is impossible to determine if such a beast would be usefull. Much > less learn how to use it. Not sure how LSM helps this. > > Once an implementation (or in our case, hooks) become standard, it becomes > much easier to add a module, configure it, and evaluate the result. This > breeds understanding. Understanding of multiple security models will expand > the range of security awareness, and lead to more secure systems being > implemented and actually used. Easier, yes, but only in the model (paradigm) that LSM has espoused. Is there a good justification for this, or is it simply based on "common thinking" rather than "forward/theoretical thinking?" > > There will need to be a lot of documentation and "how to" texts written, but > that will come with/when knowlegeable administrators try them out, and ask > questions. > Not an advantage, IMHO. Various other solutions will have to provide various-other documentation. Would a "suggestion/advert line" in the documentation be equally useful to LSM? > It also will expand the confidence of some administrators just knowing that > if it DID become necessary/mandatory, it is possible to increase the security > level of the system. It's possible now. I've done it, most of my "compatriots" have done it, but not nearly as well as LSM has done. My solutions have never been LSM compatible. We want CHOICES, and we want them to be enumerated and argued. > > In some environments it is already mandated to have more security than that > defined as "C2", but it isn't being done just because "it isn't standard" > or "it's too expensive" (the usual answer I get :). Can LSM support C2 fully, verifiably, and certifiably? That's an advantage, if it can. Has anybody proved this (at least in a paper?) > > Several medical databases are/have been implemented on multiple servers, with > disjoint data bases/networks simply because there are so few systems that > CAN be made more secure. This introduces errors (and expesive hardware > duplication) becuase data must be entered two or more times, once for each > database. Linux is open sourse, it can be extended, and WELL WRITTEN APPLICATIONS can serve such needs well, now. LSM is a low(ish) level thing, is it necessary for this purpose? > > ------------------------------------------------------------------------- > Jesse I Pollard, II > Email: pollardat_private > > Any opinions expressed are solely my own. > Thanks Jesse, Good Points (to me), Hopefully Addressable, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 13:53:15 PST