Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7]implementation of LSM hooks)

[Arjan van de Ven]

On Mon, 2006-04-24 at 10:28 +0200, Lars Marowsky-Bree wrote:
> On 2006-04-23T16:58:47, Thomas Bleher <bleher@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> > Later, the admin decides to save space, deletes the bin/ directory and
> > instead links /bin/ls into the chroot. Suddenly the system is easily
> > exploitable.
> 
> Security models can be compromised by root or by dumb accomplices. Film
> at eleven.

well this security model wants to partition root, more or less. So to
some degree looking at it makes sense; just not so much in the given
example ;)


> Seriously, this is not helpful. Could we instead focus on the
> technical argument wrt the kernel patches?

I disagree with your stance here; trying to poke holes in the mechanism
IS useful and important. In addition to looking at the kernel patches. 
I understand your employer wants this merged asap, but that's no reason
to try to stop discussions that try to poke holes in the security model.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/