| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Oct 2007 19:19:33 -0700 From: Arjan van de Ven <arjan@...radead.org> To: Chris Wright <chrisw@...s-sol.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Adrian Bunk <bunk@...nel.org>, Casey Schaufler <casey@...aufler-ca.com>, Simon Arlott <simon@...e.lp0.eu>, Chris Wright <chrisw@...s-sol.org>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Jan Engelhardt <jengelh@...putergmbh.de>, Andreas Gruenbacher <agruen@...e.de>, Thomas Fricaccia <thomas_fricacci@...oo.com>, Jeremy Fitzhardinge <jeremy@...p.org>, James Morris <jmorris@...ei.org>, Crispin Cowan <crispin@...spincowan.com>, Giacomo Catenazzi <cate@...ian.org>, Alan Cox <alan@...rguk.ukuu.org.uk> Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface) On Wed, 24 Oct 2007 17:41:28 -0700 Chris Wright <chrisw@...s-sol.org> wrote: > * Linus Torvalds (torvalds@...ux-foundation.org) wrote: > > Do other people want to stand up and be "LSM maintainers" in the > > sense that they also end up being informed members who can also > > stand up for new modules and help merge them, rather than just push > > the existing one(s)? Chris? Casey? Crispin? > > Stephen and James, despite their clear bias towards SELinux, do try to > give good feedback. But you are right, there's not enough active help > for people trying to make a contribution to get their code in shape. > Many of the modules that come along have been misguided conceptually, > but I think that e.g. apparmor, tomoyo, smack could use that kind > of constructive help to get into final mergable shape. Personally, > I haven't spent nearly enough time reviewing those, my apologies to > those developers. So, yes, help is welcome. > I'll be happy to help out; I'd consider my self neutral in this space not having worked with any of the LSM out there. I do think we need to be somewhat critical to what we accept; we should at least be able to filter out "pretend security" somehow. (this is not the same as saying that you're bad if you only provide a limited security, in the contrary, I strongly believe in simple pieces. What I mean is that we should be critical to things that appear/claim to be strong but are not). Secondly, we should make sure that no new holes are added (the original SMACK series suffered from this, Al Viro helped getting that reviewed bigtime). In addition we probably should strive to getting some sort of rough "this is sort of where we draw the line" guideline set up, just to keep things more objective. (Oh and of course, if a security module is deeply involved in another kernel subsystem, say networking or the VFS, very obviously we should consult and listen to the respective maintainers of that subsystem; LSM is not there to be a big hook to bypass the process of well maintained subsystems) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists