You are not logged in.
- Topics: Active | Unanswered
#1 2006-06-08 02:04:15
- Gullible Jones
- Member
- Registered: 2004-12-29
- Posts: 4,863
Kernel security guys have unusual things to say about LSM...
This isn't something I'd have thought of... It's fairly obvious that GrSecurity can't use LSM because of the PaX stuff, but what's this business about LSM being fundamentally insecure?
There's also this from the RSBAC guys... I wonder if perhaps it's a good thing that LSM is now compiled as a module in the Arch stock kernel.
(BTW, what's this they say in the RSBAC article about LSM being removed from the mainline kernel? I haven't seen anything about that in the patch lists or on KernelTrap...)
Offline
#2 2006-06-08 15:13:14
- phrakture
- Arch Overlord
- From: behind you
- Registered: 2003-10-29
- Posts: 7,879
- Website
Re: Kernel security guys have unusual things to say about LSM...
Wow, reading this post was more difficult then sitting through business jargon talks... we need to leverage platforms and provide extensible soultions!
Safe to say, I don't follow this --omg-security stuff, so I have no idea what all these acronyms mean... LSM PaX RSBAC.... hrrrrmm
Offline
#3 2006-06-08 19:24:25
- Gullible Jones
- Member
- Registered: 2004-12-29
- Posts: 4,863
Re: Kernel security guys have unusual things to say about LSM...
LSM = Linux Security Modules
PaX = patches to interfere with various kinds of overflow-related attacks
RSBAC = Ruleset Based Access Control
Offline
#4 2006-06-08 19:45:45
- stonecrest
- Member
- From: Boulder
- Registered: 2005-01-22
- Posts: 1,190
Re: Kernel security guys have unusual things to say about LSM...
VW = Verbal Wanking
I am a gated community.
Offline
#5 2006-06-11 00:31:47
- Gullible Jones
- Member
- Registered: 2004-12-29
- Posts: 4,863
Re: Kernel security guys have unusual things to say about LSM...
You sure? I mean, I don't know a great deal about this stuff, but these guys have been working on *nix security for a long time, so I can't help but wonder if what they're saying is true.
Offline
#6 2006-06-11 01:22:30
- iphitus
- Forum Fellow
- From: Melbourne, Australia
- Registered: 2004-10-09
- Posts: 4,927
Re: Kernel security guys have unusual things to say about LSM...
ill agree with phrak, it's all just --omg-security. There's no way you'll see any of them in beyond ever.
Offline
#7 2006-06-11 02:26:34
- Gullible Jones
- Member
- Registered: 2004-12-29
- Posts: 4,863
Re: Kernel security guys have unusual things to say about LSM...
I'm not asking for them in -beyond, that would spell trouble... I was at one point thinking of trying out RSBAC though.
(I do have to ask though... Isn't Linux security a bit less than satisfying in some ways? I mean look at OpenVMS, which appears to be almost immune to buffer overflows... I know I may sound paranoid, and it's true that this stuff isn't an *immediate* concern, but I do wonder if, what with Microsoft of all companies starting in with the "--omg-security" stuff, it isn't time for Linux to start looking that way.)
Offline
#8 2006-06-11 02:39:42
- iphitus
- Forum Fellow
- From: Melbourne, Australia
- Registered: 2004-10-09
- Posts: 4,927
Re: Kernel security guys have unusual things to say about LSM...
(I do have to ask though... Isn't Linux security a bit less than satisfying in some ways? I mean look at OpenVMS, which appears to be almost immune to buffer overflows... I know I may sound paranoid, and it's true that this stuff isn't an *immediate* concern, but I do wonder if, what with Microsoft of all companies starting in with the "--omg-security" stuff, it isn't time for Linux to start looking that way.)
well, if you think linux needs to be that way... all the stuff is there 
Go, have fun, and --omg-secururise your system. Choice mate.
Offline