lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 30 Jul 2007 09:18:41 -0400
From:	Steve Grubb <sgrubb@...hat.com>
To:	Adrian Bunk <bunk@...sta.de>
Cc:	David Woodhouse <dwmw2@...radead.org>, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL

On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> They are still completely unused, but hopefully some of the theoretical
> code that might use it will appear in the kernel in the near future...
>
> Signed-off-by: Adrian Bunk <bunk@...sta.de>
> Acked-by: Steve Grubb <sgrubb@...hat.com>

I am reluctant to say that I ack this patch for a couple reasons:

1) We are talking about a basic logging facility that should be open like 
printk() is.

2) There are no user space GPL restrictions to use the audit netlink API, so 
why restrict who can send audit events via the in-kernel interfaces? It just 
doesn't make sense to have 2 different licenses for in-kernel vs user space 
audit event recording. Its the same subsystem differing only by where the 
event originated.

3) The API has been unrestricted for years. I don't think its a good idea to 
take a basic logging API away from people that have programmed to it.

4) In the absence of the in-kernel audit logging api, people will either 
create parallel infrastructure or resort to using printk. It will be 
difficult for end users to correlate security events from 2 different logs.

I would support there being a mechanism for anyone who wants to reduce the 
number of exported symbols for their own kernels - I believe that is the 
basic problem here. But I think there are enough reasons to continue keeping 
this API open and unrestricted for anyone that wants it that way.

-Steve
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ