Alexander Viro wrote:
>As for "highly secure"... Could we please
>see some proof? Clearly stated properties with code audit to verify them
>would be nice.

There has been some work done on automated analysis of the LSM hooks
to verify that hooks are placed everywhere they are needed, and LSM
benefitted from this. See, e.g.,
http://www.usenix.org/publications/library/proceedings/sec02/zhang.html

>I'm yet to see a single shred of evidence that so-called security improvements
>actually do improve security (as opposed to feeling of security - quite
>a different animal).

Adding LSM support to the kernel does not itself improve security.
However, LSM support enables modules to add security.

And yes, there are some substantial security wins available here.
Are you familiar with privilege separation in SSH? One of the promises
of LSM is that it provides a way that we could systematically apply
privilege separation to many (or all) of our security-critical apps.
Existing mechanisms in the OS are too coarse-grained to be adequate for
privilege separation; LSM gives us a way to change all that. This would
be a big improvement in security.

I've never been shy of criticizing feel-good solutions. LSM is not a
feel-good solution; it's a real step forward.

This really is real stuff. This is not snake oil. Honest.
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 02:27:28 PDT