--=_courier-8634-1044866051-0001-2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
'Christoph Hellwig' wrote:
>On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote:
>
>
>>[move security logic out to a module] It has many nice properties, but is much more invasive to the
>>kernel. I think it is a very interesting idea for 2.7, and should be
>>floated past the maintainers who will be impacted to see if it has a
>>hope in hell.
>>
>>
>*nod* and until we get that gets implemented we should remove the current
>mess..
>
Am I parsing this correctly, that we actually agree on something? :-)
I.e. that the idea of moving all the security logic to a module has merit.
Naturally, I disagree that we should remove the current LSM. The current
version was designed to be what Linus asked for. Many LSM people like
the idea of moving all the security logic out to a module, as it makes
the interface much cleaner. But it is also waaay beyond the scope of
what Linus asked for. It involves re-factoring so much code that we did
not think it could be done correctly on the first try, never mind trying
to get many code maintainers to accept much larger patches.
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html Just say ".Nyet"
--=_courier-8634-1044866051-0001-2 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+R2PP5ZkfjX2CNDARAVrpAJ9YzJRTunsYKJPxlTBXCMufGUZGEgCeP1v7 9yR9A3BnIc4sPW4WOKq0HnM= =AP7q -----END PGP SIGNATURE-----
--=_courier-8634-1044866051-0001-2--