Re: Linux Security *Module* Framework (Was: LSM conversion tostatic interface)

From: Chris Wright
Date: Wed Oct 24 2007 - 20:30:24 EST


* Casey Schaufler (casey@xxxxxxxxxxxxxxxx) wrote:
> And don't give me the old "LKML is a tough crowd" feldercarb.
> Security modules have been much worse. Innovation, even in
> security, is a good thing and treating people harshly, even
> "for their own good", is an impediment to innovation.

I agree that innovation is critical to the success of Linux, and security
is not immune to that. The trouble is that most of the security modules
that have come forward have had some real serious shortcomings. I do
believe it is prudent to keep in-tree security sensitive code under
high scrutiny because we do not want to create security holes by adding
problematic security code.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/