lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Mar 2007 14:22:29 -0500 From: Stephen Smalley <sds@...ho.nsa.gov> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Chris Wright <chrisw@...s-sol.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, safford@...son.ibm.com, serue@...ux.vnet.ibm.com, kjhall@...ux.vnet.ibm.com, zohar@...ibm.com Subject: Re: [RFC][Patch 2/6] integrity: fs hook placement On Thu, 2007-03-08 at 12:01 -0600, Serge E. Hallyn wrote: > Quoting Chris Wright (chrisw@...s-sol.org): > > * Serge E. Hallyn (serue@...ibm.com) wrote: > > > Are you objecting only to the duplication at the callsites, so that an > > > fsnotify-type of consolidation of security and integrity hooks would be > > > ok? Or are you complaining that the security_inode_setxattr and > > > integrity_inode_setxattr hooks are too similar anyway, and integrity > > > modules should just use some lsm hooks for anything which will be > > > authoritative? > > > > It's duplication of callsites with many identical implementations > > that's the problem. > > Yes it's ugly... > > But I guess it gets a point across :) > > > > (I could see an argument that integirty subsystem should be purely for > > > measuring and hence its hooks should never return a value. Only hitch > > > there is that if integrity subsystem hits ENOMEM it should be able to > > > refuse the action...) > > > > Right, that's what I was expecting to see, just the measurement > > infrastructure. > > So what you are saying is EVM would stay an LSM, with a cooperating > integrity subsystem *just* doing measurements? > > That's kind of what i was expecting too, however that doesn't fit as > well with the idea that an integrity subsystem prevents the need for lsm > stacking. I think the idea was that evm would still be able to enforce > integrity of selinux xattrs without it stack with selinux. So I can see > where this approach came from. The enforcement mechanism should be directly integrated into SELinux, not stacked as a separate module. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists