Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 18 Oct 2002 03:22:17 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 18 Oct 2002 03:22:16 -0400 Received: from leibniz.math.psu.edu ([146.186.130.2]:25331 "EHLO math.psu.edu") by vger.kernel.org with ESMTP id ; Fri, 18 Oct 2002 03:22:13 -0400 Date: Fri, 18 Oct 2002 03:28:10 -0400 (EDT) From: Alexander Viro To: Crispin Cowan cc: Christoph Hellwig , Greg KH , torvalds@transmeta.com, linux-kernel@vger.kernel.org, linux-security-module@wirex.com Subject: Re: [PATCH] remove sys_security In-Reply-To: <3DAFB260.5000206@wirex.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1677 Lines: 38 On Fri, 18 Oct 2002, Crispin Cowan wrote: > * server users can choose a highly secure model > * workstation users can choose something desktop oriented > * embedded people can choose nothing at all, or the specific > narrow-cast model that they need > > On the other hand: what is the big cost here? One system call. Isn't > that actually *lower* overhead than the (say) half dozen > security-oriented syscalls we might convince you to accept if we drop > the sys_security syscall as you suggest? Why the fierce desire to remove > something so cheap? Because ugliness has its price. As for "highly secure"... Could we please see some proof? Clearly stated properties with code audit to verify them would be nice. I'm yet to see a single shred of evidence that so-called security improvements actually do improve security (as opposed to feeling of security - quite a different animal). And in this case burden of proof is clearly on your side. What I _do_ see is a lucrative market for peddlers of feel-good "solutions" that do not make anything secure but have miles-long feature lists that can be used to impress PHBs. Now, I have no particular problems with people who help suckers part with their money, but I don't see any reason to support them. 3 or 4 patches that might be interesting would be better off without LSM. The rest... care to give a hard evidence that it is worth any support? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/