lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 30 Jul 2007 15:31:39 +0200
From:	Adrian Bunk <bunk@...sta.de>
To:	Steve Grubb <sgrubb@...hat.com>
Cc:	David Woodhouse <dwmw2@...radead.org>, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [2.6 patch] kernel/audit.c: change the exports to
	EXPORT_SYMBOL_GPL

On Mon, Jul 30, 2007 at 09:18:41AM -0400, Steve Grubb wrote:
> On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> > They are still completely unused, but hopefully some of the theoretical
> > code that might use it will appear in the kernel in the near future...
> >
> > Signed-off-by: Adrian Bunk <bunk@...sta.de>
> > Acked-by: Steve Grubb <sgrubb@...hat.com>
> 
> I am reluctant to say that I ack this patch for a couple reasons:
> 
> 1) We are talking about a basic logging facility that should be open like 
> printk() is.
> 
> 2) There are no user space GPL restrictions to use the audit netlink API, so 
> why restrict who can send audit events via the in-kernel interfaces? It just 
> doesn't make sense to have 2 different licenses for in-kernel vs user space 
> audit event recording. Its the same subsystem differing only by where the 
> event originated.

It's a well-known fact that there are legal differences between calling 
kernel services from userspace and kernel modules.

> 3) The API has been unrestricted for years. I don't think its a good idea to 
> take a basic logging API away from people that have programmed to it.

If it's such a basic API, why isn't there a single user in the kernel?

> 4) In the absence of the in-kernel audit logging api, people will either 
> create parallel infrastructure or resort to using printk. It will be 
> difficult for end users to correlate security events from 2 different logs.
> 
> I would support there being a mechanism for anyone who wants to reduce the 
> number of exported symbols for their own kernels - I believe that is the 
> basic problem here. But I think there are enough reasons to continue keeping 
> this API open and unrestricted for anyone that wants it that way.

The Linux kernel does not offer a stable kernel API for external modules.
That's a well-known fact.

> -Steve

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ