RE: [BK PATCH] LSM changes for 2.5.59

• Previous message: LA Walsh: "side issues of baloney with that ham...(was LSM changes for 2.5.59)"
• In reply to: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Reply: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: David Wagner
> LA Walsh wrote:
> >	Maybe I'm delusional, but you are contradicting yourself.  In
> >common terms, this is called lying.
> 
> No, he's not; even if he were, no, it's not.  Can't we do
> without the personal attacks and just stick to technical topics?
---
	I'm sorry if you feel it was a personal attack.  It seemed
the appropriate noun for someone to whom this discrepancy in charter
has been pointed out to before and who worked to silence those
pointing out the discrepancy in public.

	That cast it into the light of deliberate conflicting statements
which I used the common word "lie", but perhaps more politically
correct would have been to say that I was confused by the apparent
contradiction of the two statements.  

	One says 'simple'/'generic', the other says 'access checks only
as implemented as patches on top of the questionable and vague
policies that already exist.  One deliberate design decision was to
make the hooks "non-authoritative" which makes the resulting
security policies as clean and easy to read as mud.  It also made
writing a clean/simple security policy impossible, with "kludges"
suggested like "well just always override DAC checks with priviledges"
and then do the real checks in the 'restrictive-only' LSM calls.

	Please explain to me how this is simple or generic.

	It's completely inappropriate for a security structure where
increased complexity yields increased failure and lower ability
to prove (confidence).


> >	Security isn't just an afterthought you can patch on and cross
> >your fingers and hope it won't break.  It has to be designed in.  
> 
> People keep telling you that LSM does have a careful design for
> security.  I suspect what you really mean is that you don't like
> the design we chose -- but that's different.
---
	Please read what I said carefully.  I didn't say that the 
"patched on security" wasn't carefully designed.  I made no claims
about how carefully it was designed.  Carefulness of design avails
you not, if the design isn't appropriate for the problem space.

-l

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Russell Coker: "Re: LSM and UML!"
• Previous message: LA Walsh: "side issues of baloney with that ham...(was LSM changes for 2.5.59)"
• In reply to: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Reply: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 00:28:13 PST