From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] remove sys_security
Date: 18 Oct 2002 02:09:28 -0700 [thread overview]
Message-ID: <aool9n$1fh$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: Pine.GSO.4.21.0210180309540.18575-100000@weyl.math.psu.edu
[this is a re-post here of something I earlier sent to the LSM mailing list]
Alexander Viro wrote:
>As for "highly secure"... Could we please
>see some proof? Clearly stated properties with code audit to verify them
>would be nice.
There has been some work done on automated analysis of the LSM hooks
to verify that hooks are placed everywhere they are needed, and LSM
benefitted from this. See, e.g.,
http://www.usenix.org/publications/library/proceedings/sec02/zhang.html
>I'm yet to see a single shred of evidence that so-called security improvements
>actually do improve security (as opposed to feeling of security - quite
>a different animal).
Adding LSM support to the kernel does not itself improve security.
However, LSM support enables modules to add security. And yes, there
are some substantial security wins available here.
Are you familiar with privilege separation in SSH? One of the promises
of LSM is that it provides a way that we could systematically apply
privilege separation to many (or all) of our security-critical apps.
Existing mechanisms in the OS are too coarse-grained to be adequate for
privilege separation; LSM gives us a way to change all that. This would
be a big improvement in security.
I've never been shy of criticizing feel-good solutions. LSM is not a
feel-good solution; it's a real step forward.
This really is real stuff. This is not snake oil. Honest.
next prev parent reply other threads:[~2002-10-18 9:58 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-17 18:50 [PATCH] remove sys_security Christoph Hellwig
2002-10-17 18:53 ` Greg KH
2002-10-17 18:58 ` Christoph Hellwig
2002-10-17 19:07 ` Greg KH
2002-10-17 20:04 ` Christoph Hellwig
2002-10-17 20:10 ` Greg KH
2002-10-17 20:12 ` Christoph Hellwig
2002-10-18 7:04 ` Crispin Cowan
2002-10-18 7:07 ` David S. Miller
2002-10-18 8:31 ` Crispin Cowan
2002-10-18 8:29 ` David S. Miller
2002-10-18 12:52 ` Christoph Hellwig
2002-10-18 15:04 ` Greg KH
2002-10-19 2:05 ` Crispin Cowan
2002-10-18 7:11 ` Greg KH
2002-10-18 7:28 ` Alexander Viro
2002-10-18 9:02 ` Crispin Cowan
2002-10-18 13:05 ` Christoph Hellwig
2002-10-18 15:14 ` Valdis.Kletnieks
2002-10-18 15:18 ` Christoph Hellwig
2002-10-18 16:30 ` Russell Coker
2002-10-18 16:33 ` Christoph Hellwig
2002-10-18 16:53 ` Greg KH
2002-10-18 16:54 ` Russell Coker
2002-10-18 17:15 ` Stephen Smalley
2002-10-18 22:36 ` Chris Wright
2002-10-21 13:54 ` Mike Wray
2002-10-21 14:09 ` Christoph Hellwig
2002-10-21 16:44 ` Mike Wray
2002-10-21 17:36 ` Christoph Hellwig
2002-10-18 20:36 ` David Wagner
2002-10-18 17:44 ` Stephen Smalley
2002-10-18 16:38 ` Russell Coker
2002-10-18 16:52 ` Richard B. Johnson
2002-10-18 9:09 ` David Wagner [this message]
2002-10-18 10:14 ` Russell Coker
2002-10-18 12:50 ` Christoph Hellwig
2002-10-17 20:30 ` Jeff Garzik
2002-10-17 21:00 ` Russell Coker
2002-10-17 21:10 ` Jeff Garzik
2002-10-17 21:37 ` Russell Coker
2002-10-17 21:49 ` Alexander Viro
2002-10-17 22:14 ` Russell Coker
2002-10-17 22:22 ` Andreas Dilger
2002-10-23 0:35 ` Stephen C. Tweedie
2002-10-23 11:43 ` Russell Coker
2002-10-23 11:59 ` Stephen C. Tweedie
2002-10-23 14:27 ` Stephen Smalley
2002-10-23 14:54 ` Stephen C. Tweedie
2002-10-23 16:09 ` Stephen Smalley
2002-10-23 16:24 ` Christoph Hellwig
2002-10-23 16:34 ` Stephen Smalley
2002-10-23 16:36 ` Christoph Hellwig
2002-10-23 16:51 ` Stephen Smalley
2002-10-24 6:26 ` Nathan Scott
2002-10-24 8:45 ` Russell Coker
2002-10-17 20:45 ` Russell Coker
2002-10-21 13:57 ` Alan Cox
2002-10-21 21:12 ` Crispin Cowan
2002-10-21 21:17 ` Greg KH
2002-10-22 12:22 ` Stephen Smalley
2002-10-17 20:20 ` Russell Coker
2002-10-17 20:27 ` Christoph Hellwig
2002-10-17 20:28 ` Greg KH
2002-10-17 19:05 ` Alexander Viro
2002-10-17 20:18 ` David S. Miller
2002-10-17 20:36 ` Greg KH
2002-10-17 20:38 ` David S. Miller
2002-10-17 20:58 ` Greg KH
2002-10-17 20:58 ` David S. Miller
2002-10-17 22:09 ` Greg KH
2002-10-17 22:07 ` David S. Miller
2002-10-17 22:19 ` Greg KH
2002-10-18 8:00 ` Crispin Cowan
2002-10-18 7:57 ` David S. Miller
2002-10-18 13:08 ` Christoph Hellwig
2002-10-17 21:54 ` David Wagner
2002-10-17 22:36 ` David S. Miller
2002-10-17 23:04 ` Chris Wright
2002-10-17 23:08 ` David S. Miller
2002-10-18 14:24 ` Jakob Oestergaard
2002-10-17 22:51 ` Andreas Steinmetz
2002-10-17 22:51 ` David S. Miller
2002-10-18 17:47 ` Daniel Egger
2002-10-17 23:00 ` Jeff Garzik
2002-10-17 22:56 ` David S. Miller
2002-10-17 23:09 ` Greg KH
2002-10-17 23:10 ` Chris Wright
2002-10-17 23:10 ` Andreas Steinmetz
2002-10-18 13:11 ` Christoph Hellwig
2002-10-17 23:11 ` Greg KH
[not found] <20021017201030.GA384@kroah.com.suse.lists.linux.kernel>
[not found] ` <20021017211223.A8095@infradead.org.suse.lists.linux.kernel>
[not found] ` <3DAFB260.5000206@wirex.com.suse.lists.linux.kernel>
[not found] ` <20021018.000738.05626464.davem@redhat.com.suse.lists.linux.kernel>
[not found] ` <3DAFC6E7.9000302@wirex.com.suse.lists.linux.kernel>
2002-10-18 9:25 ` Andi Kleen
2002-10-18 9:36 ` Crispin Cowan
2002-10-18 9:44 ` Andi Kleen
2002-10-18 9:55 ` Russell Coker
2002-10-18 10:13 ` Andi Kleen
2002-10-18 17:24 ` Rik van Riel
2002-10-18 11:43 ` Andreas Ferber
[not found] <20021023155457.L2732@redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.GSO.4.33.0210231112420.7042-100000@raven.suse.lists.linux.kernel>
2002-10-23 16:33 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='aool9n$1fh$1@abraham.cs.berkeley.edu' \
--to=daw@mozart.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox