
Re: [PATCH] LSM networking: tcp hooks for 2.5.59 (8/8)

To: jmorris@xxxxxxxxxxxxxxxx
Subject: Re: [PATCH] LSM networking: tcp hooks for 2.5.59 (8/8)
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Thu, 30 Jan 2003 15:25:58 -0800 (PST)
Cc: kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, linux-security-module@xxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0301311017140.31802-100000@blackbird.intercode.com.au>
References: <Pine.LNX.4.44.0301311010580.31382-100000@blackbird.intercode.com.au> <Pine.LNX.4.44.0301311017140.31802-100000@blackbird.intercode.com.au>
Sender: netdev-bounce@xxxxxxxxxxx

No, no, and no.

This stuff will not pass.

There is no way in hell we're going to insert this security crap into
the actual protocol implementations.  I was right in seeing this as a
virus that will eventually infect the whole tree.

None of these security modules should know jack anything about open
requests and other TCP internals.

This stuff is totally unmaintainable garbage.  And I do not want to
hear "well how can we implement xxx which we need for yyy" because it
isn't my problem that you can't figure out a clean way to do this
stuff.

Linus would similarly barf if he was given a patch that added
hooks like "security_ext2_foo()".

I totally reject this networking security stuff for 2.6.x

