Alexander Viro wrote:
>As for "highly secure"... Could we please
>see some proof? Clearly stated properties with code audit to verify them
>would be nice.
There has been some work done on automated analysis of the LSM hooks
to verify that hooks are placed everywhere they are needed, and LSM
benefitted from this. See, e.g.,
http://www.usenix.org/publications/library/proceedings/sec02/zhang.html
>I'm yet to see a single shred of evidence that so-called security improvements
>actually do improve security (as opposed to feeling of security - quite
>a different animal).
Adding LSM support to the kernel does not itself improve security.
However, LSM support enables modules to add security. And yes, there
are some substantial security wins available here.
Are you familiar with privilege separation in SSH? One of the promises
of LSM is that it provides a way that we could systematically apply
privilege separation to many (or all) of our security-critical apps.
Existing mechanisms in the OS are too coarse-grained to be adequate for
privilege separation; LSM gives us a way to change all that. This would
be a big improvement in security.
I've never been shy of criticizing feel-good solutions. LSM is not a
feel-good solution; it's a real step forward.
This really is real stuff. This is not snake oil. Honest.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/