| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Nov 2010 19:05:34 -0800 From: Kees Cook <kees.cook@...onical.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Dan Rosenberg <drosenberg@...curity.com>, James Morris <jmorris@...ei.org>, Joe Perches <joe@...ches.com>, LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>, Eugene Teo <eugeneteo@...nel.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] Fix dmesg_restrict build failure with CONFIG_EMBEDDED=y and CONFIG_PRINTK=n On Sat, Nov 13, 2010 at 12:22:15PM -0800, Linus Torvalds wrote: > Hmm. No wonder I missed that. The security interface is totally > idiotic. If the intention is for /proc/kmsg security checks to be done > at open time, then dammit, that logic should _not_ be inside some > random security policy. I think the real problem is that this interface exists as both a syscall and a /proc file (sysklogd things use the /proc file). Dropping the from_file means that security policy cannot revalidate the policy (sometimes it might want to block the read, i.e. passing the open fd to another process that is not privileged). But since nothing is actually using from_file yet, I guess it's not a big deal. And note that I'm not defending any specific part of it; I'm just trying to point out what not be possible in the future if we drop from_file like this. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists