Re: security patches / lsm

[Nico Schottelius]

Chris Wright [Wed, Jun 09, 2004 at 10:40:25AM -0700]:
> * Nico Schottelius (nico-kernel@xxxxxxxxxxxxxxx) wrote:
> > Sorry for the late answer!
> > 
> > For me it looks like rsbac and grsecurity could get included in 2.6.
> > 
> > It looks like Amon did the work necessary to intergrate it into 2.6.
> > (have a look at http://www.rsbac.org/).
> > 
> > And grsecurity also works nice with 2.6
> > (http://www.grsecurity.net/download.php).
> > 
> > Who decides whether to integrate them or not?
> 
> Ultimately, that's Linus, often with some input from the rest of
> the community.  Look, it's very simple.  Create patches, submit for
> public review, update according to feedback, resubmit, etc.

Thought so, too.

> The main
> problem here is the patches above are invasive and considering where
> we are in the 2.6 series (read: concerned utmost about stability) large
> invasive patches aren't appropriate.

Ok. So waiting for 2.7 is much more senseful.

> Further, there's an infrastructure
> designed to support some of the features in the above patchsets, LSM.

As stated by Amon and others, LSM seems not to be the perfect thing.

> And the idle complaints that it's inadequate without engaging in dialog
> or supplying patches don't work very far towards a solution.
 
Well, where do you think should we discuss that? I think Amon
doesn't avoid this discussion.

Have a nice rest-weekend,

Nico

-- 
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nerd-hosting.net | http://nico.schotteli.us

Attachment: pgp00000.pgp
Description: PGP signature