Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
From: Arjan van de Ven
Date: Mon Apr 24 2006 - 12:54:04 EST
>
> the 'hard shell, soft center' approach isn't as secure as 'full
> hardening' (assuming that both are properly implemented), but the fact
> that it's far easier to understand and configure the hard shell means that
> it's also far more likly to be implemented properly.
I can certainly see value in a "take away degrees of freedom" approach.
In fact many security approaches are just that, and that's just fine
with me, and clearly of value.
There is a distinction between really taking away a degree of freedom
and just appearing to do so + easy workaround. Which is why we're having
this discussion, to make sure AppArmor is of the former type ;)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/