From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner+willy=40w.ods.org-S1750758AbWDXMoI@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750758AbWDXMoI (ORCPT <rfc822;willy@w.ods.org>);
	Mon, 24 Apr 2006 08:44:08 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750755AbWDXMoH
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Mon, 24 Apr 2006 08:44:07 -0400
Received: from gate.in-addr.de ([212.8.193.158]:39095 "EHLO mx.in-addr.de")
	by vger.kernel.org with ESMTP id S1750742AbWDXMoG (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 24 Apr 2006 08:44:06 -0400
Date: Mon, 24 Apr 2006 14:44:40 +0200
From: Lars Marowsky-Bree <lmb@suse.de>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Valdis.Kletnieks@vt.edu, Ken Brush <kbrush@gmail.com>,
       linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
Message-ID: <20060424124440.GX440@marowsky-bree.de>
References: <4445484F.1050006@novell.com> <200604182301.k3IN1qh6015356@turing-police.cc.vt.edu> <4446D378.8050406@novell.com> <200604201527.k3KFRNUC009815@turing-police.cc.vt.edu> <ef88c0e00604210823j3098b991re152997ef1b92d19@mail.gmail.com> <200604211951.k3LJp3Sn014917@turing-police.cc.vt.edu> <ef88c0e00604221352p3803c4e8xea6074e183afca9b@mail.gmail.com> <200604230945.k3N9jZDW020024@turing-police.cc.vt.edu> <20060424082424.GH440@marowsky-bree.de> <1145882551.29648.23.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1145882551.29648.23.camel@localhost.localdomain>
X-Ctuhulu: HASTUR
User-Agent: Mutt/1.5.9i
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On 2006-04-24T13:42:31, Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> > That is about the dumbest argument I've heard so far, sorry. 
> Its the conclusion of most security experts I know that broken security
> is worse than no security at all. 

That would be the case of a security model the admin doesn't understand,
either because it is too complex (SELinux) or because it is too simple
as to invite sloppishness (AA), according to which side you ask. Hard
call.


Sincerely,
    Lars Marowsky-Brée

-- 
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX Products GmbH - A Novell Business	 -- Charles Darwin
"Ignorance more frequently begets confidence than does knowledge"