Linux Security Modules - Criticism

Criticism

Some Linux kernel developers dislike LSM for a variety of reasons. LSM strives to impose the least overhead possible, especially in the case where no module is loaded, but this cost is not zero, and some Linux developers object to that cost. LSM is designed to provide only for access control, but does not actually prevent people from using LSM for other reasons, and so some Linux kernel developers dislike that it can be "abused" by being used for other purposes, especially if the purpose is to bypass the Linux kernel's GPL license with a proprietary module to extend Linux kernel functionality.

Some security developers also dislike LSM. The author of grsecurity dislikes LSM because of its history, and that because LSM exports all of its symbols it facilitates the insertion of malicious modules (rootkits) as well as security modules. The author of RSBAC dislikes LSM because it is incomplete with respect to the needs of RSBAC. In particular, the author of RSBAC argues that: "LSM is only about additional, restrictive access control. However, the RSBAC system provides a lot of additional functionality, e.g. symlink redirection, secure_delete, partial Linux DAC disabling. All this has to be patched into kernel functions in a separate patch.". The author of Dazuko argues that targeting the LSM API is a moving target, as it changes with each kernel release, leading to extra maintenance work. Other developers would like to have LSM modules stacked, e.g. the developer of the Yama LSM.

Read more about this topic:  Linux Security Modules

Famous quotes containing the word criticism:

    The visual is sorely undervalued in modern scholarship. Art history has attained only a fraction of the conceptual sophistication of literary criticism.... Drunk with self-love, criticism has hugely overestimated the centrality of language to western culture. It has failed to see the electrifying sign language of images.
    Camille Paglia (b. 1947)

    ...I wasn’t at all prepared for the avalanche of criticism that overwhelmed me. You would have thought I had murdered someone, and perhaps I had, but only to give her successor a chance to live. It was a very sad business indeed to be made to feel that my success depended solely, or at least in large part, on a head of hair.
    Mary Pickford (1893–1979)

    A tailor can adapt to any medium, be it poetry, be it criticism. As a poet, he can mend, and with the scissors of criticism he can divide.
    Franz Grillparzer (1791–1872)