Re: signing a filesystem

LD Landis (ldl@ldl.HealthPartners.COM)
Sun, 29 Dec 1996 20:40:51 -0600 (CST)


Russell, et al,

I am not fixated on (necessarily) a MVS-style thing, although the plea in
which I stated it is probably an appropriate time to begin taking a more
bifurcated approach (kernel function vs security function) motivated my
response to you. I'm not as concerned about UNIX-hackers doing it wrong
as I am about the prevailing "everything is perfect", and "we don't need
it". [We are going to bury the competition, but only if we address the
enterprise issues].

I am not at all familiar with "how" MVS does its thing, and I (having
had some experience with MVS-kinfolk) believe that there is a better
"UNIX-WAY" (TM) to accomplish the needed separation. I like the gist of
what I've read on the "signing" thread.

Re: did I miss your post
Possibly. Bad time of year to stay "on track", at home, ya know...
For the most part I only read selective linux-kernel posts, and not
necessarily all of them.

Re: linux-kernel-design
I'd sure like to have a separate list for kernel-design! That's the only
part I have any time for at present.

bofh@snoopy.virtual.net.au wrote:
>
> > Since you have been thinking along these lines (and maybe getting ready
> > to do something??), how about partitioning the security from the logic
> > that manages the file system. (Sort of another plea to get people
> > thinking along the lines of an external authorization facility).
>
> Here is a paragraph from one of my previous messages which briefly covers the
> topic, I don't know whether you missed it or whether it simply hadn't reached
> your in-box before you sent the above:
>
> What if we had some sort of security interface for the kernel? So a daemon
> program could provide a security service to the kernel. The interface could
> allow multiple daemons supporting different types of security. Then to mount a
> secured filing system you would need to give the name of the encryption
> algorithm to use and the password.
>
> Now does that paragraph of mine match with what you were thinking of? Or
> were you thinking about the MVS style authentication servers that other people
> have been discussing (which is something I have not thought about and am not
> really interested in - it'd be a great feature and I'd use it if it was there,
> but I won't contribute code this decade).
>
> I was thinking about having a security server application do a blocking read
> of /dev/security. The kernel would then return it a block of data with
> appropriate flags indicating whether it needs to be compressed or uncompressed
> and containing its password. Then the encryption server performs the
> appropriate actions and writes the data back to /dev/security...
>
>
> Russell Coker
>
>
> PS Does anyone think it would be a good idea to have separate mailing lists
> for kernel design issues such as this and kernel implementation (IE debugging)?

--
Cheers,
	--ldl
-----------------------------------------------------------------------------
LD Landis ldl@HealthPartners.Com N0YRQ    Voice 612/883-5511 Fax 612/883-6363
HealthPartners, 8100 34th Avenue So, PO Box 1309, Minneapolis, MN  55440-1309
Shape your life not from your memories, but from your hopes.       (Borrowed)

"There are people who don't like capitalism, and there are people who don't like PCs, but there's no one who likes the PC who doesn't like Microsoft." - Bill Gates, interviewed by the L.A. Times, 22 Nov 96

Gee, I am "NO ONE"! Thanks Bill, it's nice to know (finally!). What VANITY!
-----------------------------------------------------------------------------