| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070308184646.GC21099@sergelap.austin.ibm.com> Date: Thu, 8 Mar 2007 12:46:47 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: Casey Schaufler <casey@...aufler-ca.com> Cc: "Serge E. Hallyn" <serue@...ibm.com>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, safford@...son.ibm.com, serue@...ux.vnet.ibm.com, kjhall@...ux.vnet.ibm.com, zohar@...ibm.com Subject: Re: [RFC][Patch 1/6] integrity: new hooks Quoting Casey Schaufler (casey@...aufler-ca.com): > > --- "Serge E. Hallyn" <serue@...ibm.com> wrote: > > > > It's unfortunate, agreed, but > > > > use of LSM as an integrity framework was also a > > no-go. > > You're going to have to justify this assertion. You misunderstand. I wasn't saying it wouldn't work :) I was saying that it's been said repeatedly that evm should be implemented as an integrity, not security, module. I think it should be done as both. The part which measures the integrity of files should be an integrity subsystem. The part which uses those results to either allow/refuse actions or take some other action (i.e. shut down the system) should be an lsm. > I know of at least one work-in-progress for which > LSM works just fine. Not to mention the Integrity > claims of SELinux. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists