From: Casey Schaufler <casey@schaufler-ca.com>
To: Chris Wright <chrisw@sous-sol.org>,
Casey Schaufler <casey@schaufler-ca.com>
Cc: Adrian Bunk <bunk@kernel.org>, Simon Arlott <simon@fire.lp0.eu>,
Chris Wright <chrisw@sous-sol.org>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Jan Engelhardt <jengelh@computergmbh.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andreas Gruenbacher <agruen@suse.de>,
Thomas Fricaccia <thomas_fricacci@yahoo.com>,
Jeremy Fitzhardinge <jeremy@goop.org>,
James Morris <jmorris@namei.org>,
Crispin Cowan <crispin@crispincowan.com>,
Giacomo Catenazzi <cate@debian.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
Date: Wed, 24 Oct 2007 18:42:15 -0700 (PDT) [thread overview]
Message-ID: <183239.5113.qm@web36604.mail.mud.yahoo.com> (raw)
In-Reply-To: <20071025002356.GB3660@sequoia.sous-sol.org>
--- Chris Wright <chrisw@sous-sol.org> wrote:
> * Casey Schaufler (casey@schaufler-ca.com) wrote:
> > And don't give me the old "LKML is a tough crowd" feldercarb.
> > Security modules have been much worse. Innovation, even in
> > security, is a good thing and treating people harshly, even
> > "for their own good", is an impediment to innovation.
>
> I agree that innovation is critical to the success of Linux, and security
> is not immune to that. The trouble is that most of the security modules
> that have come forward have had some real serious shortcomings. I do
> believe it is prudent to keep in-tree security sensitive code under
> high scrutiny because we do not want to create security holes by adding
> problematic security code.
I agree that security code does need to provide security. What we
need to get away from is the automatic attacks that are based on 20th
century computer system assumptions. Things like "name based access
control is rediculous", and "a module can't be any good if it doesn't
deal with all objects", or "the granularity isn't fine enough". Look
at TOMOYO. It's chuck full of good ideas. Why spend so much energy
badgering them about not dealing with sockets? How about helping the
AppArmor crew come up with acceptable implementations rather than
whinging about the evils of hard links? And maybe, just maybe, we can
get away from the inevitable claim that you could do that with a few
minutes work in SELinux policy, but only if you're a security
professional of course.
Sure, some LSM proposals will be lousy, and some really will be
better done as an SELinux policy module. Some will even have merit
but require unreasonable interface changes. As people who care
about security (y'all who are only from the LKML are excused) it
is our obligation to look beyond the preconceived notions of what
is and isn't secure. Security is subjective. It's how you feel
about it.
Casey Schaufler
casey@schaufler-ca.com
next prev parent reply other threads:[~2007-10-25 1:42 UTC|newest]
Thread overview: 141+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <167451.96128.qm@web38607.mail.mud.yahoo.com>
2007-10-18 2:18 ` LSM conversion to static interface Linus Torvalds
2007-10-19 20:26 ` Andreas Gruenbacher
2007-10-19 20:40 ` Linus Torvalds
2007-10-20 11:05 ` Jan Engelhardt
2007-10-20 22:57 ` James Morris
2007-10-21 22:59 ` Adrian Bunk
2007-10-23 4:09 ` LSM conversion to static interface [revert patch] Arjan van de Ven
2007-10-23 4:56 ` James Morris
2007-10-23 4:57 ` Arjan van de Ven
2007-10-23 5:16 ` Chris Wright
2007-10-23 9:10 ` Jan Engelhardt
2007-10-23 9:13 ` Chris Wright
2007-10-23 9:14 ` Jan Engelhardt
2007-10-24 0:31 ` Jeremy Fitzhardinge
2007-10-24 0:32 ` Chris Wright
2007-10-24 5:06 ` Arjan van de Ven
2007-10-24 11:50 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Simon Arlott
2007-10-24 12:55 ` Adrian Bunk
2007-10-24 18:11 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Simon Arlott
2007-10-24 18:51 ` Jan Engelhardt
2007-10-24 18:59 ` Simon Arlott
2007-10-24 19:04 ` Jan Engelhardt
2007-10-24 21:02 ` David P. Quigley
2007-10-24 21:37 ` Serge E. Hallyn
2007-10-24 21:51 ` Jan Engelhardt
2007-10-24 22:02 ` David P. Quigley
2007-10-24 23:13 ` Jan Engelhardt
2007-10-25 1:50 ` david
2007-10-25 3:50 ` Kyle Moffett
2007-10-24 21:42 ` Jan Engelhardt
2007-10-24 21:58 ` Casey Schaufler
2007-10-24 22:04 ` David P. Quigley
2007-10-25 11:38 ` Simon Arlott
2007-10-24 20:18 ` Crispin Cowan
2007-10-24 20:46 ` Jan Engelhardt
2007-10-24 21:29 ` Casey Schaufler
2007-10-24 22:31 ` Adrian Bunk
2007-10-24 22:58 ` Casey Schaufler
2007-10-24 23:32 ` Adrian Bunk
2007-10-24 23:42 ` Linus Torvalds
2007-10-25 0:41 ` Chris Wright
2007-10-25 2:19 ` Arjan van de Ven
2007-10-30 3:37 ` Toshiharu Harada
2007-10-25 1:03 ` Casey Schaufler
2007-10-25 0:23 ` Chris Wright
2007-10-25 0:35 ` Ray Lee
2007-10-25 1:26 ` Peter Dolding
2007-10-25 1:41 ` Alan Cox
2007-10-25 2:11 ` david
2007-10-25 18:17 ` Ray Lee
2007-10-25 22:21 ` Alan Cox
2007-10-26 3:45 ` david
2007-10-26 5:44 ` Peter Dolding
2007-10-27 18:29 ` Pavel Machek
2007-10-28 18:48 ` Hua Zhong
2007-10-28 19:05 ` Hua Zhong
2007-10-28 22:08 ` Crispin Cowan
2007-10-28 22:50 ` Alan Cox
2007-11-26 20:42 ` serge
2007-10-28 23:55 ` Peter Dolding
2007-10-29 5:12 ` Arjan van de Ven
2007-10-25 9:19 ` Bernd Petrovitsch
2007-10-25 16:04 ` Ray Lee
2007-10-25 17:10 ` Arjan van de Ven
2007-10-30 9:41 ` Bernd Petrovitsch
2007-10-25 1:42 ` Casey Schaufler [this message]
2007-10-27 18:22 ` Pavel Machek
2007-10-28 19:42 ` Linux Security *Module* Framework Tilman Schmidt
2007-10-28 20:46 ` Jan Engelhardt
2007-10-30 3:23 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Toshiharu Harada
2007-10-30 8:40 ` Jan Engelhardt
2007-10-30 8:50 ` Crispin Cowan
2007-10-30 9:27 ` Jan Engelhardt
2007-10-30 9:21 ` Toshiharu Harada
2007-10-25 11:44 ` Simon Arlott
2007-10-25 23:09 ` Tilman Schmidt
2007-10-26 2:56 ` Greg KH
2007-10-26 7:09 ` Jan Engelhardt
2007-10-26 15:54 ` Greg KH
2007-10-26 9:46 ` Tilman Schmidt
2007-10-26 15:58 ` Greg KH
2007-10-26 16:32 ` Simon Arlott
2007-10-27 14:07 ` eradicating out of tree modules (was: Linux Security *Module* Framework) Tilman Schmidt
2007-10-28 1:21 ` Adrian Bunk
2007-10-26 23:26 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Adrian Bunk
2007-10-27 14:47 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Tilman Schmidt
2007-10-27 17:31 ` eradicating out of tree modules Stefan Richter
2007-10-28 0:55 ` eradicating out of tree modules (was: : Linux Security *Module* Framework) Adrian Bunk
2007-10-28 9:25 ` eradicating out of tree modules Stefan Richter
2007-10-28 12:01 ` Tilman Schmidt
2007-10-28 14:37 ` Stefan Richter
2007-10-28 14:59 ` Simon Arlott
2007-10-28 16:55 ` Tilman Schmidt
2007-10-28 18:51 ` Tilman Schmidt
2007-10-28 19:25 ` Adrian Bunk
2007-10-30 0:29 ` Tilman Schmidt
2007-10-30 13:11 ` linux-os (Dick Johnson)
2007-10-30 13:19 ` Xavier Bestel
2007-10-30 15:30 ` Greg KH
2007-10-29 23:51 ` Out-of-tree modules [was: Linux Security *Module* Framework] Jan Engelhardt
2007-10-30 0:46 ` Lee Revell
2007-10-30 1:19 ` Jan Engelhardt
2007-10-27 14:08 ` Linux Security *Module* Framework (Was: LSM conversion to static interface Tetsuo Handa
2007-11-05 6:42 ` Crispin Cowan
2007-10-23 9:13 ` Jan Engelhardt
2007-10-23 5:44 ` Giacomo Catenazzi
2007-10-23 8:55 ` Jan Engelhardt
2007-10-23 9:14 ` Giacomo A. Catenazzi
2007-10-23 9:18 ` Jan Engelhardt
2007-10-23 15:20 ` Serge E. Hallyn
2007-10-23 15:28 ` Jan Engelhardt
2007-10-23 15:34 ` Serge E. Hallyn
2007-10-25 10:23 ` Valdis.Kletnieks
2007-10-19 21:07 ` James Morris
2007-10-22 1:12 ` Crispin Cowan
2007-10-29 10:01 Linux Security *Module* Framework (Was: LSM conversion to static interface) Rob Meijer
2007-10-29 10:24 ` Crispin Cowan
2007-10-29 13:32 ` Peter Dolding
-- strict thread matches above, loose matches on Subject: below --
2007-10-29 19:04 Rob Meijer
2007-10-29 19:41 ` Crispin Cowan
2007-10-30 5:13 ` Peter Dolding
2007-10-30 18:42 ` Jan Engelhardt
2007-10-30 19:14 ` Casey Schaufler
2007-10-30 19:50 ` Jan Engelhardt
2007-10-30 23:38 ` Peter Dolding
2007-10-31 0:16 ` david
2007-10-31 2:21 ` Peter Dolding
2007-10-31 3:43 ` Casey Schaufler
2007-10-31 5:08 ` david
2007-10-31 6:43 ` Crispin Cowan
2007-10-31 9:03 ` Peter Dolding
2007-10-31 10:10 ` Toshiharu Harada
2007-11-01 2:04 ` Peter Dolding
2007-11-01 2:20 ` Casey Schaufler
2007-11-01 2:51 ` Peter Dolding
2007-11-01 7:17 ` Jan Engelhardt
2007-11-01 11:49 ` David Newall
2007-11-04 1:28 ` Peter Dolding
2007-11-05 6:56 ` Andrew Morgan
2007-11-05 13:29 ` Serge E. Hallyn
2007-10-29 20:27 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=183239.5113.qm@web36604.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=agruen@suse.de \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@kernel.org \
--cc=cate@debian.org \
--cc=chrisw@sous-sol.org \
--cc=crispin@crispincowan.com \
--cc=jengelh@computergmbh.de \
--cc=jeremy@goop.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=simon@fire.lp0.eu \
--cc=thomas_fricacci@yahoo.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox