Linux Security Modules - Criticism

Criticism

Some Linux kernel developers dislike LSM for a variety of reasons. LSM strives to impose the least overhead possible, especially in the case where no module is loaded, but this cost is not zero, and some Linux developers object to that cost. LSM is designed to provide only for access control, but does not actually prevent people from using LSM for other reasons, and so some Linux kernel developers dislike that it can be "abused" by being used for other purposes, especially if the purpose is to bypass the Linux kernel's GPL license with a proprietary module to extend Linux kernel functionality.

Some security developers also dislike LSM. The author of grsecurity dislikes LSM because of its history, and that because LSM exports all of its symbols it facilitates the insertion of malicious modules (rootkits) as well as security modules. The author of RSBAC dislikes LSM because it is incomplete with respect to the needs of RSBAC. In particular, the author of RSBAC argues that: "LSM is only about additional, restrictive access control. However, the RSBAC system provides a lot of additional functionality, e.g. symlink redirection, secure_delete, partial Linux DAC disabling. All this has to be patched into kernel functions in a separate patch.". The author of Dazuko argues that targeting the LSM API is a moving target, as it changes with each kernel release, leading to extra maintenance work. Other developers would like to have LSM modules stacked, e.g. the developer of the Yama LSM.

Read more about this topic:  Linux Security Modules

Famous quotes containing the word criticism:

    Parents sometimes feel that if they don’t criticize their child, their child will never learn. Criticism doesn’t make people want to change; it makes them defensive.
    Laurence Steinberg (20th century)

    The visual is sorely undervalued in modern scholarship. Art history has attained only a fraction of the conceptual sophistication of literary criticism.... Drunk with self-love, criticism has hugely overestimated the centrality of language to western culture. It has failed to see the electrifying sign language of images.
    Camille Paglia (b. 1947)

    Of all the cants which are canted in this canting world—though the cant of hypocrites may be the worst—the cant of criticism is the most tormenting!
    Laurence Sterne (1713–1768)