Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <greg@xxxxxxxxx>
- Date: Mon, 17 Apr 2006 12:51:46 -0700
On Mon, Apr 17, 2006 at 03:20:55PM -0400, James Morris wrote:
On Mon, 17 Apr 2006, Christoph Hellwig wrote:
Or, better, remove LSM itself ;)
Seriously that makes a lot of sense. All other modules people have come up
with over the last years are irrelevant and/or broken by design.
It's been nearly a year since I proposed this, and we've not seen any
appropriate LSM modules submitted in that time.
See
http://thread.gmane.org/gmane.linux.kernel.lsm/1120
http://thread.gmane.org/gmane.linux.kernel.lsm/1088
The only reason I can see to not delete it immediately is to give BSD
secure levels users a heads-up, although I thought it was already slated
for removal. BSD secure levels is fundamentally broken and should
never have gone into mainline.
I agree about the BSD secure levels code, it has a known reported
security problem, with no response by its maintainers. On that aspect
alone, it should be removed.
But for removing LSM entirely, I'm starting to like your patch. It's
been a very long time and so far, only out-of-tree LSMs are present,
with no public statements about getting them submitted into the main
kernel tree. And, I think almost all of the out-of-tree modules already
need other kernel patches to get their code working properly, so what's
a few more hooks needed...
/me pokes the bushes to flush out the people lurking
Oh, but do remember, the main goal of LSM was to stop people from
arguing about different security models. Now that it is in, we haven't
had any bickering about different types of things that should go into
mainline, all with different models and usages. Everyone gets to play
in their own sandbox and not worry about anyone else. If the LSM
interface was to go away, that problem would start happening again, and
I don't think we want to go there.
So, I think the only way to be able to realisticly keep the LSM
interface, is for a valid, working, maintained LSM-based security model
to go into the kernel tree. So far, I haven't seen any public posting
of patches that meet this requirement :(
thanks,
greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Arjan van de Ven
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- References:
- [RFC][PATCH 2/7] implementation of LSM hooks
- From: Török Edwin
- Re: [RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Török Edwin
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig
- Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: James Morris
- [RFC][PATCH 2/7] implementation of LSM hooks
- Prev by Date: [PATCH] kdump: x86_64 add crashdump trigger points
- Next by Date: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Previous by thread: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Next by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Index(es):
Relevant Pages
|
