| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070621195247.GF18990@elf.ucw.cz> Date: Thu, 21 Jun 2007 21:52:47 +0200 From: Pavel Machek <pavel@....cz> To: david@...g.hm Cc: Lars Marowsky-Bree <lmb@...e.de>, Crispin Cowan <crispin@...ell.com>, Greg KH <greg@...ah.com>, Andreas Gruenbacher <agruen@...e.de>, Stephen Smalley <sds@...ho.nsa.gov>, jjohansen@...e.de, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching Hi! > >>The code has improved, and continues to improve, to meet all the coding > >>style feedback except the bits which are essential to AA's function > > > >Which are exactly the bits Christoph Hellwig and Al Viro > >vetoed. http://www.uwsg.iu.edu/hypermail/linux/kernel/0706.1/2587.html > >. I believe it takes more than "2 users want it" to overcome veto of > >VFS maintainer. > > so you are saying that _any_ pathname based solution is not acceptable to > the kernel, no matter what? You'd have to ask Christoph the same question. AFAICT, reconstructing full path then basing security on that is a no-no. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists