Re: [PATCH] remove sys_security

From: Alexander Viro (viroat_private)
Date: Fri Oct 18 2002 - 00:28:10 PDT

  • Next message: Crispin Cowan: "Re: [PATCH] remove sys_security"

    On Fri, 18 Oct 2002, Crispin Cowan wrote:
    
    >     * server users can choose a highly secure model
    >     * workstation users can choose something desktop oriented
    >     * embedded people can choose nothing at all, or the specific
    >       narrow-cast model that they need
    > 
    > On the other hand: what is the big cost here? One system call. Isn't 
    > that actually *lower* overhead than the (say) half dozen 
    > security-oriented syscalls we might convince you to accept if we drop 
    > the sys_security syscall as you suggest? Why the fierce desire to remove 
    > something so cheap?
    
    Because ugliness has its price.  As for "highly secure"...  Could we please
    see some proof?  Clearly stated properties with code audit to verify them
    would be nice.
    
    I'm yet to see a single shred of evidence that so-called security improvements
    actually do improve security (as opposed to feeling of security - quite
    a different animal).  And in this case burden of proof is clearly on your
    side.
    
    What I _do_ see is a lucrative market for peddlers of feel-good "solutions"
    that do not make anything secure but have miles-long feature lists that
    can be used to impress PHBs.  Now, I have no particular problems with
    people who help suckers part with their money, but I don't see any reason
    to support them.
    
    3 or 4 patches that might be interesting would be better off without LSM.
    The rest...  care to give a hard evidence that it is worth any support?
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 00:29:27 PDT