Slashdot Mirror


Torvalds On Pluggable Security Models

eldavojohn writes "The KernelTrap highlights an interesting discussion on pluggable security models including some commentary by Linus Torvalds. While Torvalds argued against pluggable schedulers, he's all for pluggable security. Other members were voicing concerns with the pluggable nature of the Linux Security Model, but Torvalds put his foot down and said it stays. When asked why his stance was different between schedulers and security, he replied, 'Schedulers can be objectively tested. There's this thing called 'performance,' that can generally be quantified on a load basis. Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions.'"

3 of 216 comments

  1. Re:Well by gweihir · Score: 0, Flamebait

    No. Linus is not convincing. He is arrogant and more and more clueless. Unfortunately people seem to be so in awe of him that almost nobody is willing to tell him that he is "wanking around" about a lot of things he obviously does not really understand.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. No, he is right on one thing by mdenham · Score: 0, Flamebait

    Yes, one is hard science, and the other one is people wanking around with their opinions. Specifically, the security one is hard science, while the scheduler is the wanking.

  3. Re:Well by ShieldW0lf · Score: 0, Flamebait

    Sure didn't seem that way to me.

    When I see the security people making sane arguments and agreeing on something, that will change. Quite frankly, I expect hell to freeze over before that happens, and pigs will be nesting in trees. But hey, I can hope.

    I'm simply not interested in this discussion. If you cannot understand the *meta*discussion above (which has nothing to do with SMACK or SELinux per se), I cannot help you.

    The biggest reason for me to merge SMACK (and AppArmor) would not be those particular security modules in themselves, but to inject a sense of reality in people. Right now, I see discussions about removing LSM because "SELinux is everything". THAT IS A PROBLEM. - Linus


    It doesn't look to me like people are refusing to quantify anything.

    From reading the article, seems like the arguments against SELinux being the main security model are that it requires work to configure, and it breaks people's insecure closed source apps, leading them to be instructed to turn SELinux off. The argument for using it appears to be that it provides genuinely tight security.

    The arguments for using alternatives to SELinux are that they work with the insecure closed source apps and are easier to configure. The argument against using the alternatives appears to be that they aren't actually secure. The 3 walls are better than none argument.

    Linus decided that he doesn't know anything about this shit, he doesn't care about learning about it, and he'll fucking merge everything and the kitchen sink in there and fuck the consequences if Morris doesn't get the "meta-message" that he wants to be left alone.

    That's not leadership. It's not solid decision making. It's a lack of interest in taking responsibility for security merged with the pettiness of a child who will fuck everything up completely if that's what he has to do to make you aware of who wears the pants around here.

    --
    -1 Uncomfortable Truth