Date: Thu, 13 Oct 2022 21:16:31 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Paul Moore <paul@...l-moore.com>, Kees Cook <keescook@...omium.org>
Cc: Mickaël Salaün <mic@...ikod.net>, KP Singh <kpsingh@...nel.org>,
	Casey Schaufler <casey@...aufler-ca.com>,
	John Johansen <john.johansen@...onical.com>,
	James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-integrity@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 0/9] integrity: Move hooks into LSM

On Thu, 2022-10-13 at 18:47 -0400, Paul Moore wrote:
> On Thu, Oct 13, 2022 at 6:36 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > Hi,
> >
> > It's been over 4 years since LSM stack was introduced. The integrity
> > subsystem is long overdue for moving to this infrastructure. Here's my
> > first pass at converting integrity and ima (and some of evm) into LSM
> > hooks. This should be enough of an example to finish evm, and introduce
> > the missing hooks for both. For example, after this, it looks like ima
> > only has a couple places it's still doing things outside of the LSM. At
> > least these stood out:
> >
> > fs/namei.c:     ima_post_create_tmpfile(mnt_userns, inode);
> > fs/namei.c:     ima_post_path_mknod(mnt_userns, dentry);
> >
> > Mimi, can you please take this series and finish the conversion for
> > what's missing in ima and evm?
> >
> > I would also call attention to "175 insertions(+), 240 deletions(-)" --
> > as expected, this is a net reduction in code.
> >
> > Thanks!
>
> Without looking at any of the code, I just want to say this 100% gets
> my vote; this is something we need to make happen at some point.
>
> Thanks Kees!

Sorry I'm on vacation this week and the beginning of next week, but
will look at it when I get back.

Mimi