[rsbac] Remove LSM support from RSBAC 1.2.3-pre? Issues and musings.

Amon Ott ao at rsbac.org
Tue Oct 14 11:35:19 MEST 2003

On Tuesday, 14. October 2003 09:08, Stanislav Ievlev wrote:
> Have you ever contact with LSM developers? I'm sure they will add features 
you need.

It is rather a basic design problem, not only features. I have been in 
contact at the beginning of LSM, and I stated some things back then.
Yes, I know that some LSM people noticed that I did not go on discussing 
things on the LSM list. Actually, I had no time and was a bit disappointed to 
see that it all went into the wrong direction, after we had already discussed 
the design priciples before with very different results.

Even if some of the missing items were changed, I would still need more. And 
the whole hook design is broken, because all kernel data gets exported to any 
module that likes to register, it is too low level and kernel version 
dependent, and it provides no support for more than one module. The LSM 
project's major fault is that it accepted Linus' order how it should look 
like, regardless of known security principles.

BTW, I just got a mail from Brad (spender at grsecurity.net), who appreciated my 
statement and fully agreed with me. I am still waiting for the LIDS statement.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list