[rsbac] Remove LSM support from RSBAC 1.2.3-pre? Issues and musings.
Amon Ott
ao at rsbac.org
Tue Oct 14 11:35:19 MEST 2003
On Tuesday, 14. October 2003 09:08, Stanislav Ievlev wrote:
> Have you ever had contact with LSM developers? I'm sure they will add features
> you need.
It is rather a basic design problem, not only features. I have been in
contact at the beginning of LSM, and I stated some things back then.
Yes, I know that some LSM people noticed that I did not go on discussing
things on the LSM list. Actually, I had no time and was a bit disappointed to
see that it all went into the wrong direction, after we had already discussed
the design principles before with very different results.
Even if some of the missing items were changed, I would still need more. And
the whole hook design is broken, because all kernel data gets exported to any
module that likes to register, it is too low level and kernel version
dependent, and it provides no support for more than one module. The LSM
project's major fault is that it accepted Linus' order how it should look
like, regardless of known security principles.
BTW, I just got a mail from Brad (spender at grsecurity.net), who appreciated my
statement and fully agreed with me. I am still waiting for the LIDS statement.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22