Re: Upstream first policy
From: Alan Cox
Date: Mon Mar 08 2010 - 12:38:05 EST
> In that sense it appears to me that it's pretty much a universal truth that
> 'pathnames' are a far more fitting abstraction to any 'human based security
Ingo - just about all the serious security work disagrees with you.
Pathnames are references to objects and keep changing. What matters is
the object itself. This is also how Unix has always worked
Imagine if chmod applied to the path not the inode ?
> Also, why was/(is?) AppArmor considered as a 'hostile competitor'
I don't believe it was. It was perceived as a technical failure, and then
the file system people shredded the bits the security folks didn't.
There are certain things path name bases security works quite nicely for,
primarily systems that have no concept of links. It's why it works
ok-ish for httpd but for the general case nobody has ever really made it
work properly.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/