Linux Security Modules - History

At the 2001 Linux Kernel Summit, the NSA proposed that SELinux be included in Linux 2.5. Linus Torvalds rejected SELinux at that time because he observed that many different security projects were in development and, since they all differed, the security community had not yet formed a consensus on the ultimate security model. Instead, Linus charged the security community to "make it a module".

In response, Crispin Cowan proposed LSM: an interface for the Linux kernel that provides sufficient "hooks" (upcalls) from within the Linux kernel to a loadable module so as to allow the module to enforce mandatory access controls. Development of LSM over the next two years was conducted by the LSM community, including substantial contributions from the Immunix Corporation, the NSA, McAfee, IBM, Silicon Graphics, and many independent contributors. LSM was ultimately accepted into the Linux kernel mainstream and was included as a standard part of Linux 2.6 in December 2003.

In 2006, some kernel developers observed that SELinux was the only widely used LSM module included in the mainstream Linux kernel source tree. If there is to be only one widely used LSM module, it was reasoned, then the indirection of LSM is unnecessary, and LSM should be removed and replaced with SELinux itself. However, there are other LSM modules maintained outside of the mainstream kernel tree (AppArmor, Linux Intrusion Detection System, FireFlier, CIPSO, Multi ADM, etc.), so this argument led to two results: first, developers of these modules started putting effort into upstreaming their respective modules; second, at the 2006 Kernel Summit, Linus once again asserted that LSM would stay because he does not want to arbitrate which is the best security model. LSM is likely to remain, since an additional security module, TOMOYO Linux, was accepted in the mainline kernel version 2.6.30 (June 2009). With version 2.6.36, another security module (AppArmor) was accepted in the mainline kernel.
