| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <700885.76235.qm@web36601.mail.mud.yahoo.com> Date: Tue, 9 Oct 2007 09:02:42 -0700 (PDT) From: Casey Schaufler <casey@...aufler-ca.com> To: Stephen Smalley <sds@...ho.nsa.gov>, casey@...aufler-ca.com Cc: "Serge E. Hallyn" <serge@...lyn.com>, Kyle Moffett <mrmacman_g4@....com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Bill Davidsen <davidsen@....com>, James Morris <jmorris@...ei.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel --- Stephen Smalley <sds@...ho.nsa.gov> wrote: > On Mon, 2007-10-08 at 10:31 -0700, Casey Schaufler wrote: > > ... > > I wouldn't expect the whole thing to be more than a couple week's > > work for someone who really wanted to do it. > > Note that Serge said "SELinux re-written on top of Smack", not "rewrite > Smack to be more like SELinux". Sorry, the subtlety of the difference seems insignificant to me. > I don't believe the former is even > possible, given that Smack is strictly less expressive and granular by > design. Rewriting Smack to be more like SELinux should be possible, As I outlined, it wouldn't be that hard to rewack SELinux from Smack. > but seems like more work than emulating Smack on SELinux via policy, Y'all keep saying that, but since noone has actually done that SELinux policy, or anything like it, I maintain that it's not as easy as you are inclined to claim. It is certainly not the "I'll whip it up this weekend" sort of task that some have suggested. > and to what end? Well, there is that. I personally think that one implementation of SELinux is plenty. On the other hand, I think that if the concept of a single security architecture has value the advocates of that position ought to be looking at SELinux on/of Smack just as carefully as they look at Smack on/of SELinux. If they are not, I suggest that the Single Security Architecture argument is a sophistic device rather than a legitimate issue of technology and should thus be ignored. Casey Schaufler casey@...aufler-ca.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists