Linux Security Modules - Criticism

Criticism

Some Linux kernel developers dislike LSM for a variety of reasons. LSM strives to impose the least overhead possible, especially in the case where no module is loaded, but this cost is not zero, and some Linux developers object to that cost. LSM is designed to provide only for access control, but does not actually prevent people from using LSM for other reasons, and so some Linux kernel developers dislike that it can be "abused" by being used for other purposes, especially if the purpose is to bypass the Linux kernel's GPL license with a proprietary module to extend Linux kernel functionality.

Some security developers also dislike LSM. The author of grsecurity dislikes LSM because of its history, and that because LSM exports all of its symbols it facilitates the insertion of malicious modules (rootkits) as well as security modules. The author of RSBAC dislikes LSM because it is incomplete with respect to the needs of RSBAC. In particular, the author of RSBAC argues that: "LSM is only about additional, restrictive access control. However, the RSBAC system provides a lot of additional functionality, e.g. symlink redirection, secure_delete, partial Linux DAC disabling. All this has to be patched into kernel functions in a separate patch.". The author of Dazuko argues that targeting the LSM API is a moving target, as it changes with each kernel release, leading to extra maintenance work. Other developers would like to have LSM modules stacked, e.g. the developer of the Yama LSM.

Read more about this topic:  Linux Security Modules

Famous quotes containing the word criticism:

    In criticism I will be bold, and as sternly, absolutely just with friend and foe. From this purpose nothing shall turn me.
    Edgar Allan Poe (1809–1845)

    As far as criticism is concerned, we don’t resent that unless it is absolutely biased, as it is in most cases.
    John Vorster (1915–1983)

    It is ... pathetic to observe the complete lack of imagination on the part of certain employers and men and women of the upper-income levels, equally devoid of experience, equally glib with their criticism ... directed against workers, labor leaders, and other villains and personal devils who are the objects of their dart-throwing. Who doesn’t know the wealthy woman who fulminates against the “idle” workers who just won’t get out and hunt jobs?
    Mary Barnett Gilson (1877–?)