Re: [RFC] [PATCH] Replace security fields with hashtable

From: James Morris (jmorris@private)
Date: Wed Oct 27 2004 - 08:12:28 PDT

On Wed, 27 Oct 2004, James Morris wrote:

> And composing more than a very small number of LSMs could be unsafe in
> any case, so a small static array should be enough.

Actually, I think security composition is such a difficult problem[1] that
we should not provide support for it via LSM.  The LSMs can themselves
implement and compose security models if needed, e.g. SELinux already does
this with TE/RBAC/MLS and self-stacks the capabilities code for
application compatibility (the latter could be done via a library and does
not need to be stacked).

I don't think arbitary composition of security models is a service that 
the Linux kernel should provide.

- James
James Morris

[1] e.g. see chapter 24 of Amoroso's Fundamentals of Computer Security &
the referenced papers on the topic.

This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 08:13:14 PDT