| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070308210700.GB2750@sergelap.austin.ibm.com> Date: Thu, 8 Mar 2007 15:07:00 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: "Serge E. Hallyn" <serue@...ibm.com>, Chris Wright <chrisw@...s-sol.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, safford@...son.ibm.com, serue@...ux.vnet.ibm.com, kjhall@...ux.vnet.ibm.com, zohar@...ibm.com Subject: Re: [RFC][Patch 2/6] integrity: fs hook placement Quoting Stephen Smalley (sds@...ho.nsa.gov): > On Thu, 2007-03-08 at 12:01 -0600, Serge E. Hallyn wrote: > > Quoting Chris Wright (chrisw@...s-sol.org): > > > * Serge E. Hallyn (serue@...ibm.com) wrote: > > > > Are you objecting only to the duplication at the callsites, so that an > > > > fsnotify-type of consolidation of security and integrity hooks would be > > > > ok? Or are you complaining that the security_inode_setxattr and > > > > integrity_inode_setxattr hooks are too similar anyway, and integrity > > > > modules should just use some lsm hooks for anything which will be > > > > authoritative? > > > > > > It's duplication of callsites with many identical implementations > > > that's the problem. > > > > Yes it's ugly... > > > > But I guess it gets a point across :) > > > > > > (I could see an argument that integirty subsystem should be purely for > > > > measuring and hence its hooks should never return a value. Only hitch > > > > there is that if integrity subsystem hits ENOMEM it should be able to > > > > refuse the action...) > > > > > > Right, that's what I was expecting to see, just the measurement > > > infrastructure. > > > > So what you are saying is EVM would stay an LSM, with a cooperating > > integrity subsystem *just* doing measurements? > > > > That's kind of what i was expecting too, however that doesn't fit as > > well with the idea that an integrity subsystem prevents the need for lsm > > stacking. I think the idea was that evm would still be able to enforce > > integrity of selinux xattrs without it stack with selinux. So I can see > > where this approach came from. > > The enforcement mechanism should be directly integrated into SELinux, > not stacked as a separate module. And a big plus of splitting it up as I was describing is that anyone who wanted could make use of the measurement module to add such functionality to SELinux, as an alternative to the EVM LSM module. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists