Re: What went wrong with LSM, was: Re: [BK PATCH] LSM changes for 2.5.59

From: Casey Schaufler (caseyat_private)
Date: Wed Feb 12 2003 - 17:56:10 PST


    'Christoph Hellwig' wrote:
    
    > And here we see _the_ problem with the LSM process.
    
    I personally don't agree with the subject line,
    as I don't believe that anything "went wrong" with
    LSM. True, it's not what I want, but then my contribution
    wasn't what it needed to be to make it such, either.
    I often disagreed with the directions, and was sometimes
    surprised, but that kind of thing happens in a large
    group environment. My sage wisdom was considered
    more often than not, even if it was discarded unused
    from time to time.
    
    I've been retrofitting security policy into U2X systems
    since the 1980's, first Orange Book and now Common
    Criteria, and it's HARD. LSM is a fine first whack.
    No one should despair that it fails to meet a particular
    need exactly, or that those meany maintainers won't
    accept your hook without seeing the code that uses it.
    Alan Cox described the Linux development process as
    climbing over a fence with everyone's hands in each other's
    pockets, and I think that describes LSM pretty well.
    
    Advanced security features are unpopular, and
    all evidence points to them remaining so. We, as
    a development community, have yet to convince the
    great insecure masses that they want to see audit
    trails, user clearances, and time of day controls
    in "their" kernels. Heck, we have yet to convince
    each other! But buck up, I fully expect we'll do
    better next round, and better the time after that,
    as well.
    
    LSM isn't finished because Linux isn't finished
    and as a group we security developers are a
    tenacious (stubborn? pig headed maybe?) lot.
    
    -- 
    
    Casey Schaufler				Manager, Trust Technology, SGI
    caseyat_private				voice: 650.933.1634
    casey_pat_private			Pager: 877.557.3184
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


