| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2007 21:57:03 +0100 From: Al Viro <viro@....linux.org.uk> To: Casey Schaufler <casey@...aufler-ca.com> Cc: torvalds@...l.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, akpm@...l.org, paul.moore@...com Subject: Re: [PATCH] Version 4 (2.6.23-rc8-mm2) Smack: Simplified Mandatory Access Control Kernel On Wed, Oct 03, 2007 at 12:51:08PM -0700, Casey Schaufler wrote: > > > Because you throw "simple" out the window when you require userland > > > assistance to perform this function. > > > > Any more than having /tmp replaced with a symlink? > > Yes. By the way, there's nothing that really requires that you > use a /smack symlink if you don't want to. /tmp can still be a > real directory, a mount point, a symlink to /var/tmp, or whatever > else you want it to be if that suits your needs better. For the > simplest scenarios /tmp -> /smack/tmp -> /moldy/<label> has every > other scheme I've seen throughly beaten. And your point is? If you don't use it, you get exact same complexity in both setups. > > _What_ userland intervention? Mounting stuff under /smack/tmp and not under > > your /moldy? > > Who said anything about mounting under /moldy? I never did. Sigh... So put the binding into fstab and be done with that. > > Having /tmp replaced with symlink to /smack/tmp.link instead > > of replacing it with a symlink to /smack/tmp? > > > > Absolute paths in that kind of thing are _wrong_. You know where the things > > are on your fs. You don't know if anything else will be visible, let alone > > whether it will be at the same place in all chroots or namespaces. And no, > > you _can't_ make sure that fs is visible only in one place. No fs can or > > has any business even trying. > > Is the objection that there is a default value coded in? Right now the main objection is about your lack of ability to read. Which part of "it can be mounted in different chroots/namespaces, therefore having absolute paths doesn't work" is too hard to understand? No, it's not about having a default. It's about keeping an absolute pathname in virtual fs, having all instances autosoddingmatically sharing it _and_ having change attempt in any instance automatically affect all of them. If you have that kind of sharing, don't pretend that your mechanism really allows absolute pathnames. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists