Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

From: Arjan van de Ven
Date: Mon Apr 24 2006 - 12:54:04 EST

Next message: linux-os (Dick Johnson): "Re: Van Jacobson's net channels and real-time"
Previous message: Auke Kok: "Re: Van Jacobson's net channels and real-time"
In reply to: David Lang: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementationof LSM hooks)"
Next in thread: Stephen Smalley: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
> the 'hard shell, soft center' approach isn't as secure as 'full
> hardening' (assuming that both are properly implemented), but the fact
> that it's far easier to understand and configure the hard shell means that
> it's also far more likly to be implemented properly.

I can certainly see value in a "take away degrees of freedom" approach.
In fact many security approaches are just that, and that's just fine
with me, and clearly of value.

There is a distinction between really taking away a degree of freedom
and just appearing to do so + easy workaround. Which is why we're having
this discussion, to make sure AppArmor is of the former type ;)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: linux-os (Dick Johnson): "Re: Van Jacobson's net channels and real-time"
Previous message: Auke Kok: "Re: Van Jacobson's net channels and real-time"
In reply to: David Lang: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementationof LSM hooks)"
Next in thread: Stephen Smalley: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]