Re: [PATCH] remove sys_security

From: Christoph Hellwig (hchat_private)
Date: Fri Oct 18 2002 - 05:50:01 PDT

  • Next message: Christoph Hellwig: "Re: [PATCH] remove sys_security"

    On Fri, Oct 18, 2002 at 12:04:00AM -0700, Crispin Cowan wrote:
    > >I know.  but hiding them doesn't make them any better..
    > >
    > Actuall, yes it does, and that is the point. You don't have to like 
    > SELinux's system calls, or any other module's syscalls. The whole point 
    > of LSM was to decouple security design from the Linux kernel development.
    
    But I dislike the notation of module syscalls.  Syscalls are a global
    thing and they shall not be registered without proper review from
    all kernel developers.  Driver development is untangled from kernel
    development, too and it doesn;t need syscalls.
    
    > There are a butt-load of different access control models, and many of 
    > them are not compatible with one another. You wouldn't want to support 
    > them all--that would be serious bloat. So instead, LSM lets each user 
    > choose the model that suits them:
    
    Fucking no!  Don't add syscall interfaces without review.  Adding
    a new syscall for a "security modules" is sign that you got
    your design wrong.
    
    >     * server users can choose a highly secure model
    >     * workstation users can choose something desktop oriented
    >     * embedded people can choose nothing at all, or the specific
    >       narrow-cast model that they need
    
    Blah, blah, blah.  You don't get more security by pluggin in a buggy
    module.
    
    > On the other hand: what is the big cost here? One system call. Isn't 
    > that actually *lower* overhead than the (say) half dozen 
    > security-oriented syscalls we might convince you to accept if we drop 
    > the sys_security syscall as you suggest? Why the fierce desire to remove 
    > something so cheap?
    
    It's the broken design.  Look at windows:  it has tons of cheap
    features - and exactly because of that it's such a piece of crap.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 05:51:22 PDT