Thread (37 messages) 37 messages, 10 authors, 2021-06-09

Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks

From: Linus Torvalds <torvalds@linux-foundation.org>
Date: 2021-06-05 18:23:46
Also in: bpf, linux-fsdevel, linuxppc-dev, lkml, netdev, selinux

On Sat, Jun 5, 2021 at 11:11 AM Casey Schaufler [off-list ref] wrote:
You have fallen into a common fallacy. The fact that the "code runs"
does not assure that the "system works right". In the security world
we face this all the time, often with performance expectations. In this
case the BPF design has failed [..]
I think it's the lockdown patches that have failed. They did the wrong
thing, they didn't work,

The report in question is for a regression.

THERE ARE NO VALID ARGUMENTS FOR REGRESSIONS.

Honestly, security people need to understand that "not working" is not
a success case of security. It's a failure case.

Yes, "not working" may be secure. But security in that case is *pointless*.

              Linus
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help