On Sun, 28 Oct 2007 15:08:56 -0700
Crispin Cowan <firstname.lastname@example.org> wrote:
exactly; this is why I've been pushing recently for each new LSM to at
least document and make explicit what it tries to protect / protect
against (threat model and defense model in traditional security terms).
Without such an explicit description it's both impossible to
"neutrally" review a proposed LSM towards its goals, and it ends up as
a result with people making assumptions and attacking the model because
there's no separation between code and model.
again I agree pretty much; I do want to reserve some minimum "common
sense" bar because people may (and probably will) do silly things withs
LSMs that are really not the right thing to do objectively.
If you want to reach me at my work email, use email@example.com
For development, discussion and tips for power savings,