RE: [BK PATCH] LSM changes for 2.5.59

From: LA Walsh (
Date: Wed Feb 12 2003 - 03:27:42 EST

> From: David Wagner
> LA Walsh wrote:
> > Maybe I'm delusional, but you are contradicting yourself. In
> >common terms, this is called lying.
> No, he's not; even if he were, no, it's not. Can't we do
> without the personal attacks and just stick to technical topics?

	I'm sorry if you feel it was a personal attack.  It seemed
the appropriate noun for someone to whom this discrepancy in charter
has been pointed out to before and who worked to silence those
pointing out the discrepancy in public.

That cast it into the light of deliberate conflicting statements which I used the common word "lie", but perhaps more politically correct would have been to say that I was confused by the apparent contradiction of the two statements.

One says 'simple'/'generic', the other says 'access checks only as implemented as patches on top of the questionable and vague policies that already exist. One deliberate design decision was to make the hooks "non-authoritative" which makes the resulting security policies as clean and easy to read as mud. It also made writing a clean/simple security policy impossible, with "kludges" suggested like "well just always override DAC checks with priviledges" and then do the real checks in the 'restrictive-only' LSM calls.

Please explain to me how this is simple or generic.

It's completely inappropriate for a security structure where increased complexity yields increased failure and lower ability to prove (confidence).

> > Security isn't just an afterthought you can patch on and cross > >your fingers and hope it won't break. It has to be designed in. > > People keep telling you that LSM does have a careful design for > security. I suspect what you really mean is that you don't like > the design we chose -- but that's different. --- Please read what I said carefully. I didn't say that the "patched on security" wasn't carefully designed. I made no claims about how carefully it was designed. Carefulness of design avails you not, if the design isn't appropriate for the problem space.


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to More majordomo info at Please read the FAQ at

This archive was generated by hypermail 2b29 : Sat Feb 15 2003 - 22:00:38 EST