Valdis.Kletnieksat_private wrote:

>The writing I've done for the Center for Internet Security has shown me that
>there is little, if any, consensus on which 5 steps to use. No one security
>policy is one-size-fits-all.
>

Indeed. That there is no consensus on a one-size-fits-all security model is the reason for LSM.

>Personally, I'm amazed the *HOOKS* are as close to one-size-fits-all as they
>are (sorry, you audit freaks, maybe in phase 2 ;)
>

I too am quite pleased with how well that has worked out. IMHO, the LSM "result" has two big pieces of heavy lifting:

* finding the "sweet spot" of hooks that is a relatively minimal set, yet provides most of the functionality that most people need
* implementing that in code

I suspect that JMJones is raising this debate as a back door to re-argue for features we have excluded. I'm not interested, as all of those design decisions were thoroughly discussed before they were committed. "That was fun. Let's do it again." Not.

There will be a critical review of LSM, when it gets presented to the mainstream linux community. The value-add will be the additional perspective from people who were not involved with LSM. IMHO, there is no value in us LSM'ers revisiting old issues and re-hashing our opinions.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:48:02 PST