Re: Defense in depth: LSM modules, not a static interface

From: Cliffe
Date: Tue Oct 30 2007 - 03:00:04 EST

Next message: Paul Jimenez: "[PATCH] KJ: Make i8259_64 more _32-like"
Previous message: Al Viro: "Re: Defense in depth: LSM *modules*, not a static interface"
In reply to: Al Viro: "Re: Defense in depth: LSM *modules*, not a static interface"
Next in thread: Crispin Cowan: "Re: Defense in depth: LSM *modules*, not a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Al Viro wrote:

On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote:

Defense in depth has long been recognised as an important secure design principle. Security is best achieved using a layered approach.

"Layered approach" is not a magic incantation to excuse any bit of snake
oil. Homeopathic remedies might not harm (pure water is pure water),
but that's not an excuse for quackery. And frankly, most of the
"security improvement" crowd sound exactly like woo-peddlers.

I agree completely; but layers that provide actual security improvements are important.

--

Z. Cliffe Schreuders
BSc Comp Sci (Hons) & Int Comp
PhD Candidate, Casual Tutor
School of IT
Murdoch University
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Jimenez: "[PATCH] KJ: Make i8259_64 more _32-like"
Previous message: Al Viro: "Re: Defense in depth: LSM *modules*, not a static interface"
In reply to: Al Viro: "Re: Defense in depth: LSM *modules*, not a static interface"
Next in thread: Crispin Cowan: "Re: Defense in depth: LSM *modules*, not a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Re: Defense in depth: LSM *modules*, not a static interface

Re: Defense in depth: LSM modules, not a static interface