On Fri, 18 Oct 2002, Crispin Cowan wrote: > * server users can choose a highly secure model > * workstation users can choose something desktop oriented > * embedded people can choose nothing at all, or the specific > narrow-cast model that they need > > On the other hand: what is the big cost here? One system call. Isn't > that actually *lower* overhead than the (say) half dozen > security-oriented syscalls we might convince you to accept if we drop > the sys_security syscall as you suggest? Why the fierce desire to remove > something so cheap? Because ugliness has its price. As for "highly secure"... Could we please see some proof? Clearly stated properties with code audit to verify them would be nice. I'm yet to see a single shred of evidence that so-called security improvements actually do improve security (as opposed to feeling of security - quite a different animal). And in this case burden of proof is clearly on your side. What I _do_ see is a lucrative market for peddlers of feel-good "solutions" that do not make anything secure but have miles-long feature lists that can be used to impress PHBs. Now, I have no particular problems with people who help suckers part with their money, but I don't see any reason to support them. 3 or 4 patches that might be interesting would be better off without LSM. The rest... care to give a hard evidence that it is worth any support? _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 00:29:27 PDT