lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 18 Feb 2009 09:09:21 -0800
From:	Casey Schaufler <casey@...aufler-ca.com>
To:	etienne <etienne.basset@...ericable.fr>
CC:	Paul Moore <paul.moore@...com>,
	Linux-Kernel <linux-kernel@...r.kernel.org>,
	linux-security-module@...r.kernel.org,
	Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH] SMACK netfilter smacklabel socket match

Paul Moore wrote:
> On Wednesday 18 February 2009 02:23:24 am etienne wrote:
>   
>> ... anyway, I think the cleanest way would be to, well, sort smk_netlbladdr
>> by mask on insertion (perf doesn't matter  here) and this way
>> smack_host_label can stop the loop on first match. Plus, it would give a
>> nicer /smack/netlabel ouptut :)
>>     
>
> Agreed.
>   

Yes, it would make it nicer. You'll need to do a better job
on the list management than I've been doing. It's probably well
past time to introduce the Standard list management scheme to
Smack, and you'll need to do so if you want to do insertions
and/or deletions.

>> so, how should we handle it? apply the patches (with whitespaces damages
>> corrected ;) )  now (as it corrects a bug) an elaborate the cleaner way
>> later?
>>     
>
> Well, since you have some time and willingness to do things "the right way" I 
> would recommend dropping these patches (which are really just band-aids) and 
> working on the right solution to stored the addresses/masks in a sorted list 
> with the mask already applied.
>
> FWIW, the NetLabel code (net/netlabel) has to do very similar things with 
> sorted address lists so I built an address list construct which builds on the 
> list.h ideas and operates in a similar way.  You may find it helpful.
>
>   
>> I think this should go to stable too?
>>     
>
> I would worry about getting the patches developed, tested and in an acceptable 
> form first, then we can worry about where they should be applied ;)
>
>   

I would be delighted to see these changes. When you have preliminary
versions I would be eager to see them and give them a try in the
Smack test laboratory.

Etienne, thank you very much for the work you've done so far. Paul,
thank you for your recommendations.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ