Users are a really terrible source of interface
specifications. "Hackers" are often not much better, but at least
if the interface is lousy the developer has the potential to be
accountable for it and its improvement.
-- Casey Schaufler

IMHO the key design mistake of LSM is that it detaches security
policy from applications: you need to be admin to load policies,
you need to be root to use/configure an LSM. Dammit, you need to be
root to add labels to files!
This not only makes the LSM policies distro specific (and
needlessly forked and detached from real security), but also gives
the message that:
'to ensure your security you need to be privileged'
which is the anti-concept of good security IMO.
-- Ingo Molnar