--- I'm sorry if you feel it was a personal attack. It seemed the appropriate noun for someone to whom this discrepancy in charter has been pointed out to before and who worked to silence those pointing out the discrepancy in public.That cast it into the light of deliberate conflicting statements which I used the common word "lie", but perhaps more politically correct would have been to say that I was confused by the apparent contradiction of the two statements.
One says 'simple'/'generic', the other says 'access checks only as implemented as patches on top of the questionable and vague policies that already exist. One deliberate design decision was to make the hooks "non-authoritative" which makes the resulting security policies as clean and easy to read as mud. It also made writing a clean/simple security policy impossible, with "kludges" suggested like "well just always override DAC checks with priviledges" and then do the real checks in the 'restrictive-only' LSM calls.
Please explain to me how this is simple or generic.
It's completely inappropriate for a security structure where increased complexity yields increased failure and lower ability to prove (confidence).
> > Security isn't just an afterthought you can patch on and cross > >your fingers and hope it won't break. It has to be designed in. > > People keep telling you that LSM does have a careful design for > security. I suspect what you really mean is that you don't like > the design we chose -- but that's different.
--- Please read what I said carefully. I didn't say that the "patched on security" wasn't carefully designed. I made no claims about how carefully it was designed. Carefulness of design avails you not, if the design isn't appropriate for the problem space.-l
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/