Re: [PATCH] LSM networking: tcp hooks for 2.5.59 (8/8)

From: David S. Miller (davemat_private)
Date: Thu Jan 30 2003 - 15:25:58 PST

  • Next message: Casey Schaufler: "Re: c2 (or c2-like) auditing for Linux"

    No, no, and no.
    This stuff will not pass.
    There is no way in hell we're going to insert this security crap into
    the actual protocol implementations.  I was right in seeing this as a
    virus that will eventually infect the whole tree.
    None of these security modules should know jack anything about open
    requests and other TCP internals.
    This stuff is totally unmaintainable garbage.  And I do not want to
    hear "well how can we implement xxx which we need for yyy" because it
    isn't my problem that you can't figure out a clean way to do this
    Linus would similarly barf if he was given a patch that added
    hooks like "security_ext2_foo()".
    I totally reject this networking security stuff for 2.6.x
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 15:42:21 PST