Re: [PATCH] remove sys_security

From: David Wagner (dawat_private)
Date: Fri Oct 18 2002 - 02:09:23 PDT

    Alexander Viro wrote:
    >As for "highly secure"...  Could we please
    >see some proof?  Clearly stated properties with code audit to verify them
    >would be nice.
    
    There has been some work done on automated analysis of the LSM hooks
    to verify that hooks are placed everywhere they are needed, and LSM
    benefitted from this.  See, e.g.,
    http://www.usenix.org/publications/library/proceedings/sec02/zhang.html
    
    >I'm yet to see a single shred of evidence that so-called security improvements
    >actually do improve security (as opposed to feeling of security - quite
    >a different animal).
    
    Adding LSM support to the kernel does not itself improve security.
    However, LSM support enables modules to add security.  And yes, there
    are some substantial security wins available here.
    
    Are you familiar with privilege separation in SSH?  One of the promises
    of LSM is that it provides a way that we could systematically apply
    privilege separation to many (or all) of our security-critical apps.
    Existing mechanisms in the OS are too coarse-grained to be adequate for
    privilege separation; LSM gives us a way to change all that.  This would
    be a big improvement in security.
    
    I've never been shy of criticizing feel-good solutions.  LSM is not a
    feel-good solution; it's a real step forward.
    
    This really is real stuff.  This is not snake oil.  Honest.



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 02:27:28 PDT