Re: New stacker performance results

From: Casey Schaufler (casey@schaufler-ca.com)
Date: Wed May 25 2005 - 18:01:03 PDT


--- James Morris <jmorris@private> wrote:
> On Wed, 25 May 2005, Crispin Cowan wrote:
> 
> > What constitutes "inappropriate" here?
> 
> In my view, LSM should be used for significantly
> enhancing access control 
> systems.
> 
> See:
>
http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300.html

>From that message:

> One of the reasons I would put forward for this
> is that it can be dangerous to allow the user to
> arbitrarily compose security modules.

Not to throw gasoline on the fire (Oh jiminies,
why not) but this is exactly what SELinux claims
as it's primary value, that the end user can
script her very own security policy.

Yes, it would be dangerous. That's why the
LSM hooks are restrictive, not authoritative.



Casey Schaufler
casey@schaufler-ca.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 18:01:44 PDT