Re: Future Linux devel. Kernels

From: Chad Miller (
Date: Mon May 08 2000 - 12:20:12 EST

> > Well-designed security isn't just 1 'thing'. It's like a
> > bank safe-deposit box. You have secure-cams taping everything, you
> > have guards on duty. You have the boxes require 2 keys - owner and
> > banker. At night guards are put 'on call' and replaced with the
> > safe-deposit boxes being in a large foot-thick steel vault. And
> > perhaps more than one motion detector. A good OS has at least as many
> > redundant features. Perhaps none is perfect but each has a probability
> > of failure. Failure or breaking of one security component should not
> > lead to failure of another. Then the chances of getting in are
> > reduced by multiplying chances of failure (fractions) resulting in lower
> > and lower odds of a complete compromise.

On Mon, May 08, 2000 at 03:03:47PM +0200, Igmar Palsenberg wrote:
> Ugh.. Had to read that 4 times..
> But yes, the physical security is also of importance...

I don't think Foo was discussing physical security. In his metaphor,
everything was physical, so he's not noting that physical access is
something we should consider -- we _know_ that. Within his physical
system (an example of a well-designed security mechanism), there are
several layers to providing security. Ownership of a {key,root shell}
shouldn't imply complete and total access.

The equivalent of the time policy, banker's key, security guard, and
vault wall are something we (not meaning LKML) should work on.

                                                - chad

Chad Miller <>     URL:
"Any technology distinguishable from magic is insufficiently advanced".
First corollary to Clarke's Third Law (Jargon File, v4.2.0, 'magic')

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST