linux-kernel mailing list removed from the CC list (again), they've probably heard too much of this discussion already. > Why shouldn't I be able to config the kernel at compile time > to include the basest of functionality, I put in a terminal program, > maybe, a copy of a video and audio player, device drivers for a dvd/cdrom, > an ethernet interface and maybe a custom remote/LCD display. Where > do I need or want UIDs' or want checks for 'execute' access? If I > call 'exec', its because it's burned into the ROM that way and I don't > care about 'execute' bits. > > Maybe I'd be able to configure out paging support as well...Think > of linux in your toaster with a cute penguin on the side... You load My iPaQ has much more RAM and almost as much storage as my first Linux SERVER, and it's not even a big iPaQ! Linux on a toaster in future will probably have similar hardware capabilities to my iPaQ today. Your points are reasonable, but you seem to be neglecting the huge advances in hardware that have been made recently. If you can give a toaster 4M of RAM and 16M of Flash (which used to be enough for a Linux server and is considerably smaller than any iPaQ on the market today) then does it matter if you don't remove some code you don't really need? If making the DAC code a module slows down non-LSM servers and takes a lot of programmer time to implement, is it a useful effort? If making DAC a module can result in code improvements in the general case then it might be good to have. But I really doubt it'll get anywhere. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 01:11:31 PST