Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

From: david
Date: Thu Oct 25 2007 - 23:40:32 EST


On Thu, 25 Oct 2007, Alan Cox wrote:

There is a ton of evidence both in computing and outside of it which
shows that poor security can be very much worse than no security at all.

(So, I take it that you *don't* lock your bike up, as poor security is
worse than none?)

On the contrary because I know it is not secure I would

a) Insure it

and the insurance company would have a clause in the policy that wouldn't cover you unless you used a lock, because they recognise that while it wouldn't stop everyone there is a large group of potential thieves that it would stop.

b) Not waste vast amounts of money on a useless expensive lock

Who said the lock was expensive? And while you are not willing to spend money on a lock you are willing to spend (much more) money on an insurance policy.

David Lang

c) Make sure the bike looked not worth stealing
d) Take the saddle with me

(or the software versions of that

a) Keep backups
b) Not waste vast amounts of money on bogus security software
c) Keep the system looking uninteresting
d) Encrypt the data)

'Inappropriate risks' nowadays is surfing the web and opening up mail
attachments that claim to be movies of dancing bears. I'd argue that
users have a reasonable expectation that these are things that should
'just work,' and be safe, much as normal humans have an expectation
that their car isn't going to explode when they turn the ignition.

Yes and it's very clear from the things said by politicians that if the
computer software people don't do this soon, the legislators will make
very sure they do by stripping away all the techniques used to hide from
liability for failure.

Perfect is the enemy of good, or words to that effect, right? My point
is that requiring perfection out of a security framework is a bar
that's going to be awfully difficult to reach (and when it supposedly
has been achieved, as in SELinux, mere mortals find it too troublesome
to run with as it's far too difficult to configure). Security can and
should be done in layers, and what one may miss, another may catch.

Absolutely - but those layers should do whatever they do *right* and
really do it, whether they are complex whole system controls like SELinux
or simple network security tools.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/