Re: [PATCH] remove sys_security

From: Christoph Hellwig (hchat_private)
Date: Fri Oct 18 2002 - 08:18:28 PDT

    On Fri, Oct 18, 2002 at 11:14:14AM -0400, Valdis.Kletnieksat_private wrote:
    > OK.. I'll grant that a lot of things done here are fixing the fact that
    > there are some really fundamental botches in the Linux kernel, such as
    > the fact that there isn't a long history of Posix-capability flavor
    > separation (so processes need to start as root just so they can bind
    > a low-number port - blech).
    > 
    > Would fixing *ALL* of that history (and all the userspace crap that has
    > grown on top of it) be *LESS* invasive/disruptive than what LSM does?
    
    It would most certainly not be less invasive.  But that's okay.
    We want stuff fixed properly, not least invasive.
    
    > Do you have a projected timeline of when this mythical "all the warts in the
    > kernel are fixed and all the userspace cruft is cleaned up" world will happen?
    
    It depends on how many people actually work on it..
    
    > I'd like some sort of reasonable estimate, so I know whether this will be
    > before or after I retire. (While we're at it, can we reverse the definition
    > of the 'r' and 'x' permissions on directories, so 'umask 037' doesn't result
    > in directories with borked permissions?  I'm actually somewhat serious here -
    > this is the sort of thing that will need to be cleaned up and fixed all over
    > the place...)
    
    I doubt you can change the meaning of the mode bits ever.  Adding something
    like a umask for directories (dmask) might be possible, though.
    
    > The part you're missing here is that the "fuzzy buzzword mechanism" is
    > deployable *NOW*, and will provide *real benefits* *NOW*, rather than having
    > to wait for the 2.7 or 3.1 or whatever kernel.
    
    By messing up the kernel.  Note that I don't want to steal your code
    from you - deploy it if you want, but don't harm the mainline kernel with it.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


