Re: Defense in depth: LSM *modules*, not a static interface

[Casey Schaufler]

--- Crispin Cowan <crispin@xxxxxxxxxxxxxxxx> wrote:

> Al Viro wrote:
> > On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote:
> >   
> >> Defense in depth has long been recognised as an important secure design 
> >> principle. Security is best achieved using a layered approach.
> >>     
> >  "Layered approach" is not a magic incantation to excuse any bit of snake
> > oil.  Homeopathic remedies might not harm (pure water is pure water),
> > but that's not an excuse for quackery.  And frankly, most of the
> > "security improvement" crowd sound exactly like woo-peddlers.
> >   
> Frank's point was that the static interface makes layering somewhere
> between impractical and impossible. The static interface change should
> be dumped so that layering is at least possible. Whether any given
> security module is worth while is a separate issue.
> 
> I.e. that there are bad medicines around is a poor excuse to ban
> syringes and demand that everyone be born with a strong immune system.
> 
> Why is it that security flame wars always end up reasoning with absurd
> analogies? :-)

That's my fault, sorry. I don't know why it's my fault,
but that's where it usually ends up and I thought I'd get
the blame bit out of the way. Gotta go squeeze some legless
reptiles now.


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/