Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

[James Morris]

On Tue, 18 Apr 2006, Crispin Cowan wrote:

> SELinux has NSA legacy, and that is reflected in their inode design: it
> is much better at protecting secrecy, which is the NSA's historic
> mission.

No.  The inode design is simply correct.

Consider the following:

What if Unix DAC security was implemented via pathnames, using a 
configuration file and regexp matching enginer in the kernel, invoked 
during file access, rather than the existing scheme of checking inode 
ownership and permission attributes?

SELinux labels objects directly because it's the right thing to do.

To also clarify: the legacy of SELinux is in the decades of research 
performed into providing more comprehensive security than the original 
secrecy-oriented TCSEC schemes.  And conflating a highly loaded term such 
as "NSA's historic mission" with an implementation specific aspect of 
SELinux is useless in a technical discussion and IMHO totally 
inappropriate.



- James
-- 
James Morris
<jmorris@xxxxxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/