| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4726A3A2.7060205@nttdata.co.jp> Date: Tue, 30 Oct 2007 12:23:14 +0900 From: Toshiharu Harada <haradats@...data.co.jp> To: casey@...aufler-ca.com CC: Chris Wright <chrisw@...s-sol.org>, Adrian Bunk <bunk@...nel.org>, Simon Arlott <simon@...e.lp0.eu>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Jan Engelhardt <jengelh@...putergmbh.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Andreas Gruenbacher <agruen@...e.de>, Thomas Fricaccia <thomas_fricacci@...oo.com>, Jeremy Fitzhardinge <jeremy@...p.org>, James Morris <jmorris@...ei.org>, Crispin Cowan <crispin@...spincowan.com>, Giacomo Catenazzi <cate@...ian.org>, Alan Cox <alan@...rguk.ukuu.org.uk> Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface) On 10/25/2007 10:42 AM, Casey Schaufler wrote: > I agree that security code does need to provide security. What we > need to get away from is the automatic attacks that are based on 20th > century computer system assumptions. Things like "name based access > control is rediculous", and "a module can't be any good if it doesn't > deal with all objects", or "the granularity isn't fine enough". Look > at TOMOYO. It's chuck full of good ideas. Why spend so much energy > badgering them about not dealing with sockets? How about helping the > AppArmor crew come up with acceptable implementations rather than > whinging about the evils of hard links? And maybe, just maybe, we can > get away from the inevitable claim that you could do that with a few > minutes work in SELinux policy, but only if you're a security > professional of course. Casey, Thank you introducing TOMOYO Linux. I really like your idea of simplified MAC (and you work so hard!). I also find advantages of AppArmor for distributing policies with less hustle. Finally and most importantly, I respect SELinux as the first in-tree, flexible and reliable security frame work and respect developers involved. As a project manager of TOMOYO Linux, I would like to push it, of course. But I noticed, if each of LSM module developer begin pushing their own code, that's not for the sake of Linux and we may end up with chaos. Instead of pushing TOMOYO Linux, I started developing comparison chart of security-enhance Linux implementations. The current version can be found in http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison I would like to receive feedbacks from Stephen, Crispin (you already have a comparison, though :), Casey and any people interested in. If possible, I would like to include opinions from BSD people. I would like LSM to be the result of common requirements. "Common" means good in general, but not always for security perspective. IMHO, I think it is possible for us to get to the conclusion not to have a framework. Cheers (and with love to Linux), Toshiharu Harada - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists