[PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks
Linus Torvalds
torvalds at linux-foundation.org
Sat Jun 5 18:17:02 UTC 2021
On Sat, Jun 5, 2021 at 11:11 AM Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> You have fallen into a common fallacy. The fact that the "code runs"
> does not assure that the "system works right". In the security world
> we face this all the time, often with performance expectations. In this
> case the BPF design has failed [..]
I think it's the lockdown patches that have failed. They did the wrong
thing, they didn't work,
The report in question is for a regression.
THERE ARE NO VALID ARGUMENTS FOR REGRESSIONS.
Honestly, security people need to understand that "not working" is not
a success case of security. It's a failure case.
Yes, "not working" may be secure. But security in that case is *pointless*.
Linus
More information about the Linux-security-module-archive
mailing list