
Re: [PATCH 00/21] Permit multiple active LSM modules

From:  Casey Schaufler <casey-AT-schaufler-ca.com>
To:  David Howells <dhowells-AT-redhat.com>
Subject:  Re: [PATCH 00/21] Permit multiple active LSM modules
Date:  Mon, 07 Feb 2011 15:12:58 -0800
Message-ID:  <4D507C7A.2030009@schaufler-ca.com>
Cc:  penguin-kernel-AT-i-love.sakura.ne.jp, linux-security-module-AT-vger.kernel.org, Casey Schaufler <casey-AT-schaufler-ca.com>

On 2/7/2011 2:54 PM, David Howells wrote:
> Casey Schaufler <casey@schaufler-ca.com> wrote:
>
>>>> Think "Personal PIN Number for the Automated ATM Machine".
>>>> The LSM framework supports Linux Security Modules (LSM).
>>> I presume you aren't talking about using this on an actual ATM...
>> Would you have ATMs run WinCE instead?
> No.

Didn't think so.

> However, I would've thought running multiple applications on an ATM is
> asking for trouble.

Realize that 50% of today's professional programmers have never written
a line of code that had to be compiled. Modern ATMs scan your checks
and play your preferred videos while you wait for them to check your
balance or print your receipt.

> They're relatively simple devices,

No, they have kernels and libraries and message busses and
runtime environments and network daemons and crypto assist
programs for those runtime environments.

> especially if the app goes direct to the framebuffer and thus avoids X.

He he he. The "app" is a suite of interpreted programs, fired off
by an http server and communicating via dbus.

> Then you can probably get
> away with the kernel and one application program and disable fork().  Under
> those circumstances, do LSMs actually gain you anything?

Sure! How are you going to disable fork? An LSM! And seriously, there's
almost as much going on in your ATM as in your phone.

> David

Speaking of which, I'm a little short this week. Loan me a $20?

(Only kidding!)
