Kernel Summit 2006: Security
Posted Jul 22, 2006 19:07 UTC (Sat) by Method
In reply to: Kernel Summit 2006: Security
Parent article: Kernel Summit 2006: Security
He responded to 3 of the points, (thats out of 11 since you appear to have problems counting).
I chose not to respond to his comment because I don't want huge comment threads on my blog (I'd rather respond in another post, and have people respond to my blog on theirs).
But since you brought it up.. The responses were also not comprehensive, the paths are ambiguous response only covered hard links (claiming that they weren't common) and ignored chroots, namespaces and bind mounts by saying only root can do them, hardly a compelling argument.
The response about not everything being a path: His response was to make fake paths for things not on the filesystem.. What a great idea! Show me how to differenciate shared memory from 2 processes run from the same binary. He also apparently thinks the policy should understand http semantics, not compelling at all.
Last his argument about lack of object tranquility shows a thorough misunderstanding for why object tranquility is important to security.
In short I think most of my readers could easily see that the arguments were weak, I didn't need to respond.
to post comments)