Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754021AbXJ3HAA (ORCPT ); Tue, 30 Oct 2007 03:00:00 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752734AbXJ3G7w (ORCPT ); Tue, 30 Oct 2007 02:59:52 -0400 Received: from fep02.mfe.bur.connect.com.au ([203.63.86.22]:36009 "EHLO fep02.mfe.bur.connect.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752727AbXJ3G7v (ORCPT ); Tue, 30 Oct 2007 02:59:51 -0400 Message-ID: <4726E498.5060402@ii.net> Date: Tue, 30 Oct 2007 16:00:24 +0800 From: Cliffe User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Al Viro CC: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: Defense in depth: LSM *modules*, not a static interface References: <10965.80.126.27.205.1193684677.squirrel@webmail.xs4all.nl> <4726377A.4080807@crispincowan.com> <4726D9D9.2000909@ii.net> <20071030065540.GH8181@ftp.linux.org.uk> In-Reply-To: <20071030065540.GH8181@ftp.linux.org.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 966 Lines: 28 Al Viro wrote: > On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote: > >> Defense in depth has long been recognised as an important secure design >> principle. Security is best achieved using a layered approach. >> > > "Layered approach" is not a magic incantation to excuse any bit of snake > oil. Homeopathic remedies might not harm (pure water is pure water), > but that's not an excuse for quackery. And frankly, most of the > "security improvement" crowd sound exactly like woo-peddlers. > I agree completely; but layers that provide actual security improvements are important. -- Z. Cliffe Schreuders BSc Comp Sci (Hons) & Int Comp PhD Candidate, Casual Tutor School of IT Murdoch University - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/