On Thu, 2005-10-13 at 12:30 +0200, Bas Wijnen wrote:
> On Thu, Oct 13, 2005 at 10:30:39AM +0200, Alfred M. Szmidt wrote:
> > Alfred's confusion
> >
> > I have no confusion about the matter. You want `paranoid security', I
> > want a usable system.
>
> I want both.

I want a practically useful amount of control on my own machine. I can't get it without the right primitive security mechanisms. This does NOT mean that I want to implement any horribly invasive policy.

Many of Alfred's objections have historical merit, but he is failing to distinguish between the need for fundamentally sound mechanism and the need to avoid invasive policy.

Concerning the need to avoid invasive policy, I would say that for general purpose systems he is right and that for some special purpose systems an invasive policy is necessary and appropriate. There is no reason why a microkernel should not support *both* very effectively, and there is no reason why the majority of the code in those systems cannot be common code.

Hurd is clearly in the general purpose camp, and I would strongly oppose changing this. HOWEVER: Hurd currently does not provide adequate foundations to let users exercise control. This, in my opinion, is worth fixing.

It may be useful to compare SELinux to the Immunix confinement policy. Crispin and I have exchanged a lot of ideas over the years. SELinux requires constant tweaking, it is a pain in the ass, it breaks lots of applications on every update, and it doesn't even *try* to address the virus/trojan issue. The Immunix confinement policy doesn't suffer from any of these problems. The main flaws in the Immunix approach are that they are constrained by application compatibility, and as a result they are unable to apply the policy finely enough.

Immunix was recently acquired by Novell, largely on the strength of the business that this policy let them develop.

shap

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
