From: Cliffe <cliffe@ii.net>
To: Al Viro <viro@ftp.linux.org.uk>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: Defense in depth: LSM *modules*, not a static interface
Date: Tue, 30 Oct 2007 16:00:24 +0800 [thread overview]
Message-ID: <4726E498.5060402@ii.net> (raw)
In-Reply-To: <20071030065540.GH8181@ftp.linux.org.uk>
Al Viro wrote:
> On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote:
>
>> Defense in depth has long been recognised as an important secure design
>> principle. Security is best achieved using a layered approach.
>>
>
> "Layered approach" is not a magic incantation to excuse any bit of snake
> oil. Homeopathic remedies might not harm (pure water is pure water),
> but that's not an excuse for quackery. And frankly, most of the
> "security improvement" crowd sound exactly like woo-peddlers.
>
I agree completely; but layers that provide actual security improvements
are important.
--
Z. Cliffe Schreuders
BSc Comp Sci (Hons) & Int Comp
PhD Candidate, Casual Tutor
School of IT
Murdoch University
next prev parent reply other threads:[~2007-10-30 7:00 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-29 19:04 Linux Security *Module* Framework (Was: LSM conversion to static interface) Rob Meijer
2007-10-29 19:41 ` Crispin Cowan
2007-10-30 5:13 ` Peter Dolding
2007-10-30 7:14 ` Defense in depth: LSM *modules*, not a static interface Cliffe
2007-10-30 6:55 ` Al Viro
2007-10-30 7:55 ` Crispin Cowan
2007-10-30 15:01 ` Casey Schaufler
2007-10-30 8:00 ` Cliffe [this message]
2007-10-30 12:30 ` Simon Arlott
2007-11-06 3:46 ` Crispin Cowan
2007-11-06 7:26 ` Cliffe
2007-11-06 23:59 ` Peter Dolding
2007-11-07 3:50 ` Cliffe
2007-11-07 3:35 ` Casey Schaufler
2007-11-07 4:11 ` Tetsuo Handa
2007-11-07 4:34 ` Peter Dolding
2007-11-07 4:34 ` Casey Schaufler
2007-10-30 18:42 ` Linux Security *Module* Framework (Was: LSM conversion to static interface) Jan Engelhardt
2007-10-30 19:14 ` Casey Schaufler
2007-10-30 19:50 ` Jan Engelhardt
2007-10-30 23:38 ` Peter Dolding
2007-10-31 0:16 ` david
2007-10-31 2:21 ` Peter Dolding
2007-10-31 3:43 ` Casey Schaufler
2007-10-31 5:08 ` david
2007-10-31 6:43 ` Crispin Cowan
2007-10-31 9:03 ` Peter Dolding
2007-10-31 10:10 ` Toshiharu Harada
2007-11-01 2:04 ` Peter Dolding
2007-11-01 2:20 ` Casey Schaufler
2007-11-01 2:51 ` Peter Dolding
2007-11-01 7:17 ` Jan Engelhardt
2007-11-01 11:49 ` David Newall
2007-11-04 1:28 ` Peter Dolding
2007-11-05 6:56 ` Andrew Morgan
2007-11-05 13:29 ` Serge E. Hallyn
2007-10-29 20:27 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4726E498.5060402@ii.net \
--to=cliffe@ii.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox