[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki)
From: |
Adam Jerome |
Subject: |
Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki) |
Date: |
Mon, 11 Feb 2008 16:15:24 -0700 |
Feb 11, 2008 at 12:14 PM, "Alon Bar-Lev" <address@hidden> wrote:
> On 2/11/08, Adam Jerome <address@hidden> wrote:
>> As for Novell/SuSE, I suspect that the work done by upstream to make
>> LSM static-link only will most likely be reverted for SLED/SLES 11.
>> Meaning that LSM may continue to be a viable alternative for some time.
That is a great question. I am not sure I have the correct answer.
I do know that as the patch was being considered, Linus called for anyone
to refute the patch; and more specifically, he asked all projects that were
using LSM (that might be considering submission of their project
upstream at some point) to make them self known. From what I saw, no
such projects made themselves known.
>From a (rather hard-core) upstream perception, the only one using LSM
was SELinux (being that they were the only ones who had submitted
upstream). So, (as the logic went), if SELinux is the only valid LSM
client and SELinux is a compiled-in kernel enhancement, why leave a
dynamic link LSM interface open which might be a security threat itself?
So, in the name of "nobody else will fess up to using LSM" and "A
dynamic LSM interface is a security threat", Linus accepted the patch
which closed LSM to dynamically loaded modules.
I feel that this action was hasty; that making LSM a static-link-only
interface is very short-sited. It shut the door to many up-and-comming
security related projects (that were just not ready for submission upstream).
This action obviously gives an unfair advantage to the SELinux camp.
-adam
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), (continued)
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), jim burns, 2008/02/05
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), John Ogness, 2008/02/06
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), Alon Bar-Lev, 2008/02/08
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), John Ogness, 2008/02/09
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), Alon Bar-Lev, 2008/02/09
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), Adam Jerome, 2008/02/11
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), John Ogness, 2008/02/20
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), Adam Jerome, 2008/02/11
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), Alon Bar-Lev, 2008/02/11
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), John Ogness, 2008/02/11
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki),
Adam Jerome <=
- Re: [Dazuko-devel] Dazuko's 6th birthday (Wiki), John Ogness, 2008/02/20