Re: TOMOYO Linux Security Goal

From: Casey Schaufler
Date: Mon Dec 31 2007 - 10:28:01 EST

Next message: Christer Weinigel: "Re: [PATCH] x86: provide a DMI based port 0x80 I/O delay override"
Previous message: Tetsuo Handa: "Re: TOMOYO Linux Security Goal"
In reply to: Valdis . Kletnieks: "Re: TOMOYO Linux Security Goal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- Valdis.Kletnieks@xxxxxx wrote:

> I'm pretty sure that most of the security community agrees on what "correct"
> means - the disagreement is in the most cost-effective way to *create* one.

Struth. (I'm practicing my Australian, it's gotten rusty)
I say that the the only rational way to create a policy is to
decide what you want the system to do and create your policy
based on that. I think that calling something that does nothing
more than enforce existing behavior without thought on what the
behavior ought to be a "policy" does disservice to the entire
security community. I realize that I'm in the minority on this
one. Oh well.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christer Weinigel: "Re: [PATCH] x86: provide a DMI based port 0x80 I/O delay override"
Previous message: Tetsuo Handa: "Re: TOMOYO Linux Security Goal"
In reply to: Valdis . Kletnieks: "Re: TOMOYO Linux Security Goal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]