Re: Reasons for Inclusion

From: Crispin Cowan (crispinat_private)
Date: Fri Mar 22 2002 - 14:45:40 PST

  • Next message: Kurt Seifried: "Re: Reasons for Inclusion"

    Valdis.Kletnieksat_private wrote:
    
    >The writing I've done for the Center for Internet Security has shown me that
    >there is little, if any, consensus on which 5 steps to use.   No one security
    >policy is one-size-fits-all.
    >
    Indeed.  That there is no consensus on a one-size-fits-all security 
    model is the reason for LSM.
    
    >Personally, I'm amazed the *HOOKS* are as close to one-size-fits-all as they
    >are (sorry, you audit freaks, maybe in phase 2 ;)
    >
    I too am quite pleased with how well that has worked out. IMHO, the LSM 
    "result" has two big pieces of heavy lifting:
    
        * finding the "sweet spot" of hooks that is a relatively minimal
          set, yet provides most of the functionality that most people need
        * implementing that in code
    
    I suspect that JMJones is raising this debate as a back door to re-argue 
    for features we have excluded. I'm not interested, as all of those 
    design decisions were thoroughly discussed before they were committed. 
    "That was fun. Lets do it again." Not.
    
    There will be a critical review of LSM, when it gets presented to the 
    mainstream linux community. The value-add will be the additional 
    perspective from people who were not involved with LSM. IMHO, there is 
    no value in us LSM'ers revisiting old issues and re-hashing our opinions.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:48:02 PST