Date: Tue, 30 Oct 2007 20:43:43 -0700 (PDT)
From: Casey Schaufler
Reply-To: casey@schaufler-ca.com
Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
To: Peter Dolding, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Message-ID: <987866.49546.qm@web36615.mail.mud.yahoo.com>
X-Mailing-List: linux-kernel@vger.kernel.org

--- Peter Dolding wrote:

> Let's end the bitrot. Start having bits go into the main OS security
> features where they should be.

Gawd. Sorry, but we lost that argument in 1986 and the situation
hasn't changed a bit since. Most people just don't want what
we're selling. Do you know why Unix was a success and MULTICS*
a failure? It's because Unix had mode bits and MULTICS had ACLs.
Fortunately for those of us who wear titles like "Security Expert"
or "Trust Technologist" with pride there are enough clinical
paranoids in positions of authority to keep the Trusted System
niche from closing up completely and hence supporting our
Rock Star Lifestyles.

The good news is that the situation is no worse than that faced
by the people who are bringing you Infiniband or Itanium, neither
of which will ever be the life of the party either.
Sure, security is important, but I learned (in college, and yes
they had colleges way back then) not to drink too much at
parties I'd crashed.

LSM isn't all I want it to be either, but it's better than I ever
got in the Proprietary OS world, and that includes when the MLS
systems were bringing in $20 million a pop. Trying to force
features that virtually no one wants into any system is a bad idea.
If you haven't read Man of La Mancha I strongly suggest you do so.
Or at least see the play, it's got some catchy songs.

-----
* If you don't know what MULTICS was you can buy me a beer
  and I'll tell you the whole story

Casey Schaufler
casey@schaufler-ca.com