| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Dec 2011 07:52:34 +1100 (EST) From: James Morris <jmorris@...ei.org> To: Kees Cook <keescook@...omium.org> cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Roland McGrath <roland@...k.frob.com> Subject: Re: [kernel-hardening] [PATCH 2/2] security: Yama LSM On Mon, 19 Dec 2011, Kees Cook wrote: > Hi James, > > On Mon, Dec 19, 2011 at 11:33:10AM +1100, James Morris wrote: > > On Thu, 15 Dec 2011, Kees Cook wrote: > > > +#ifdef CONFIG_SECURITY_YAMA > > > + ns->ptrace_scope = parent_pid_ns->ptrace_scope; > > > +#endif > > > + > > > > I'd like to see this implemented as an LSM hook, something like > > security_ptrace_set_scope(). > > I must be dense, but I fail to understand the purpose of this. The "ptrace > scope" implemented by Yama is a sysctl, not an system interface. I don't > understand why (or where) other LSMs would want to catch changing this. > Can you explain what you're looking for in more detail? > We should not see YAMA-specific code in the core kernel. However you do it, the above should happen in LSM. - James -- James Morris <jmorris@...ei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists