Re: Upstream first policy

From: Alan Cox
Date: Mon Mar 08 2010 - 12:38:05 EST

Next message: Alan Cox: "Re: [PATCH] usb-serial: Fix usb serial console open/closeregression"
Previous message: Takashi Iwai: "Re: [PATCH -next] sound: fix opti92x-ad1848 build"
In reply to: Ingo Molnar: "Re: Upstream first policy"
Next in thread: Linus Torvalds: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> In that sense it appears to me that it's pretty much a universal truth that
> 'pathnames' are a far more fitting abstraction to any 'human based security

Ingo - just about all the serious security work disagrees with you.
Pathnames are references to objects and keep changing. What matters is
the object itself. This is also how Unix has always worked

Imagine if chmod applied to the path not the inode ?

> Also, why was/(is?) AppArmor considered as a 'hostile competitor'

I don't believe it was. It was perceived as a technical failure, and then
the file system people shredded the bits the security folks didn't.

There are certain things path name bases security works quite nicely for,
primarily systems that have no concept of links. It's why it works
ok-ish for httpd but for the general case nobody has ever really made it
work properly.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH] usb-serial: Fix usb serial console open/closeregression"
Previous message: Takashi Iwai: "Re: [PATCH -next] sound: fix opti92x-ad1848 build"
In reply to: Ingo Molnar: "Re: Upstream first policy"
Next in thread: Linus Torvalds: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]