RE: [BK PATCH] LSM changes for 2.5.59

From: LA Walsh (lawat_private)
Date: Wed Feb 12 2003 - 00:27:42 PST


    > From: David Wagner
    > LA Walsh wrote:
    > >	Maybe I'm delusional, but you are contradicting yourself.  In
    > >common terms, this is called lying.
    > 
    > No, he's not; even if he were, no, it's not.  Can't we do
    > without the personal attacks and just stick to technical topics?
    ---
    	I'm sorry if you feel it was a personal attack.  It seemed
    the appropriate noun for someone to whom this discrepancy in charter
    has been pointed out before and who worked to silence those
    pointing out the discrepancy in public.
    
    	That cast it into the light of deliberate conflicting statements
    for which I used the common word "lie", but perhaps more politically
    correct would have been to say that I was confused by the apparent
    contradiction of the two statements.  
    
    	One says 'simple'/'generic', the other says 'access checks only
    as implemented as patches on top of the questionable and vague
    policies that already exist.  One deliberate design decision was to
    make the hooks "non-authoritative" which makes the resulting
    security policies as clean and easy to read as mud.  It also made
    writing a clean/simple security policy impossible, with "kludges"
    suggested like "well just always override DAC checks with privileges"
    and then do the real checks in the 'restrictive-only' LSM calls.
    
    	Please explain to me how this is simple or generic.
    
    	It's completely inappropriate for a security structure where
    increased complexity yields increased failure and lower ability
    to prove (confidence).
    
    
    > >	Security isn't just an afterthought you can patch on and cross
    > >your fingers and hope it won't break.  It has to be designed in.  
    > 
    > People keep telling you that LSM does have a careful design for
    > security.  I suspect what you really mean is that you don't like
    > the design we chose -- but that's different.
    ---
    	Please read what I said carefully.  I didn't say that the 
    "patched on security" wasn't carefully designed.  I made no claims
    about how carefully it was designed.  Carefulness of design avails
    you not, if the design isn't appropriate for the problem space.
    
    -l
    