Date: Tue, 29 Jun 2010 17:49:12 -0700
From: Kees Cook <kees.cook@...onical.com>
To: James Morris <jmorris@...ei.org>
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v4] security: Yama LSM

Hi,

On Wed, Jun 30, 2010 at 09:18:32AM +1000, James Morris wrote:
> On Mon, 28 Jun 2010, Kees Cook wrote:
>
> > This adds the Yama Linux Security Module to collect several security
> > features (symlink, hardlink, and PTRACE restrictions) that have existed
> > in various forms over the years and have been carried outside the mainline
> > kernel by other Linux distributions like Openwall and grsecurity.
> >
> > Signed-off-by: Kees Cook <kees.cook@...onical.com>
>
> There were no further complaints, and we seem to have reached a workable
> consensus on the topic.
>
> It's not clear yet whether existing LSMs will modify their base policies
> to incorporate these protections, utilize the Yama code more directly, or
> implement some combination of both.

I'm hoping we can implement really simple chaining -- nothing fancy.
Trying to chain comprehensive LSMs seems like it will always fail, but
putting little LSMs in front of big LSMs seems like an easy win.

> If you're a user of an existing LSM and want these protections, bug the
> developers for a solution :-)
>
> Applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Thanks!

-Kees

--
Kees Cook
Ubuntu Security Team