On Fri, Oct 18, 2002 at 11:14:14AM -0400, Valdis.Kletnieksat_private wrote: > OK.. I'll grant that a lot of things done here are fixing the fact that > there are some really fundamental botches in the Linux kernel, such as > the fact that there isn't a long history of Posix-capability flavor > separation (so processes need to start as root just so they can bind > a low-number port - blech). > > Would fixing *ALL* of that history (and all the userspace crap that has > grown on top of it) be *LESS* invasive/disruptive than what LSM does? It would most certainly not be less invasive. But that's okay. We want stuff fixed properly, not least invasive. > Do you have a projected timeline of when this mythical "all the warts in the > kernel are fixed and all the userspace cruft is cleaned up" world will happen? It depends on how many people actually work on it.. > I'd like some sort of reasonable estimate, so I know whether this will be > before or after I retire. (While we're at it, can we reverse the definition > of the 'r' and 'x' permissions on directories, so 'umask 037' doesn't result > in directories with borked permissions? I'm actually somewhat serious here - > this is the sort of thing that will need to be cleaned up and fixed all over > the place...) I dount you can change the meaning of the mod bits ever. Adding something like a umask for directories (dmask) might be possible, though. > The part you're missing here is that the "fuzzy buzzword mechanism" is > deployable *NOW*, and will provide *real benefits* *NOW*, rather than having > to wait for the 2.7 or 3.1 or whatever kernel. By messing up the kernel. Note that I don't want to steal you your code - deploy it if you want, but don't harm the mainline kernel with it. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 08:19:23 PDT