Message-ID: <4726E498.5060402@ii.net>
Date: Tue, 30 Oct 2007 16:00:24 +0800
From: Cliffe <cliffe@ii.net>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Al Viro <viro@ftp.linux.org.uk>
CC: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: Defense in depth: LSM *modules*, not a static interface
References: <10965.80.126.27.205.1193684677.squirrel@webmail.xs4all.nl> <4726377A.4080807@crispincowan.com> <e7d8f83e0710292213h4cf9cddw6e373d60fbab41f9@mail.gmail.com> <4726D9D9.2000909@ii.net> <20071030065540.GH8181@ftp.linux.org.uk>
In-Reply-To: <20071030065540.GH8181@ftp.linux.org.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 966
Lines: 28

Al Viro wrote:
> On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote:
>   
>> Defense in depth has long been recognised as an important secure design 
>> principle. Security is best achieved using a layered approach.
>>     
>  
> "Layered approach" is not a magic incantation to excuse any bit of snake
> oil.  Homeopathic remedies might not harm (pure water is pure water),
> but that's not an excuse for quackery.  And frankly, most of the
> "security improvement" crowd sound exactly like woo-peddlers.
>   

I agree completely; but layers that provide actual security improvements 
are important.

--

Z. Cliffe Schreuders
BSc Comp Sci (Hons) & Int Comp
PhD Candidate, Casual Tutor
School of IT
Murdoch University
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/