| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Oct 2011 13:30:34 -0700 From: Greg KH <greg@...ah.com> To: Dave Jones <davej@...hat.com>, Linux Kernel <linux-kernel@...r.kernel.org> Subject: Re: RFC: virtualbox tainting. On Thu, Oct 06, 2011 at 04:04:40PM -0400, Dave Jones wrote: > On Thu, Oct 06, 2011 at 12:58:24PM -0700, Greg Kroah-Hartman wrote: > > > > I feel a bit dirty overloading TAINT_CRAP (even if the name is apropos). > > > Should I introduce a TAINT_OUT_OF_TREE perhaps instead ? > > > > We could do that in a "generic" way by setting a "in-tree" flag type > > thing for everything that is built from within the kernel build, and > > then taint if that flag is not found. > > what stops an out of tree module from setting that flag ? > I guess I need to see the implementation to understand this. If an out of tree module wants to override this, they can do so pretty easily, it's not the gpg-sign type thing that RHEL did. So as it is pretty easy to get around, I supposed all out-of-tree modules would eventually just figure out how to set it because people would complain. But then again, virtual box could just rename their module, which would do the same thing here. I guess it all depends on how "hard" we want to try to enforce this. greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists