Message-Id: <200707031833.12058.agruen@suse.de>
Date:	Tue, 3 Jul 2007 18:33:11 +0200
From:	Andreas Gruenbacher <agruen@...e.de>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Casey Schaufler <casey@...aufler-ca.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Adrian Bunk <bunk@...sta.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	John Johansen <jjohansen@...e.de>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 00/44] AppArmor security module overview

On Monday 02 July 2007 22:15, Christoph Hellwig wrote:
> AA on the other hand just fucks up VFS layering [...]

Oh come on, this claim clearly isn't justified. How on earth is passing 
vfsmounts down the lsm hooks supposed to break vfs layering? We are not 
proposing to pass additional information down to file systems. There is no 
barrier between the vfs and lsm hooks for vfsmounts even today -- only look 
at the inode_getattr hook; it already gets a vfsmount.

Without vfsmount we cannot tell where in the namespace we are, but that 
information is essential for any kind of pathname based mechanism, AA or not, 
and even for plain reporting.

LSM as a framework is supposed to allow different security mechanisms to be 
plugged in. It isn't flexible enough for us right now, and so we are 
proposing to extend it. What can be wrong about that?

Andreas
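
The point in the message above about needing the vfsmount to know where in the namespace an object is, shown as an added illustration that is not part of the original message and is not kernel or AppArmor code. It is a simplified user-space model: `struct dentry` and `struct vfsmount` here are reduced stand-ins for the kernel structures, and `model_path` and the sample tree are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Simplified user-space model, not kernel code; struct names mirror the kernel's. */
struct dentry { const char *name; struct dentry *parent; }; /* fs root: parent == self */
struct vfsmount {
    struct dentry *root, *mountpoint; /* root of mounted tree; dentry it sits on in parent */
    struct vfsmount *parent;          /* NULL for the namespace root mount */
};

static void prepend(char *buf, size_t len, const char *name) {
    size_t n = strlen(name), old = strlen(buf);
    if (n + old + 2 > len) return;          /* model only: drop component on overflow */
    memmove(buf + n + 1, buf, old + 1);
    buf[0] = '/';
    memcpy(buf + 1, name, n);
}

/* mnt == NULL: stop at the filesystem root; else cross mountpoints to the namespace root. */
const char *model_path(struct vfsmount *mnt, struct dentry *d, char *buf, size_t len) {
    buf[0] = '\0';
    for (;;) {
        if (mnt && d == mnt->root) {
            if (!mnt->parent) break;        /* reached the namespace root */
            d = mnt->mountpoint; mnt = mnt->parent;
        } else if (d->parent == d) {
            break;                          /* filesystem root, no mount to follow */
        } else {
            prepend(buf, len, d->name);
            d = d->parent;
        }
    }
    if (!buf[0]) { buf[0] = '/'; buf[1] = '\0'; }
    return buf;
}

/* Constructed sample: one filesystem holding etc/passwd, mounted at /mnt/a and /mnt/b. */
static struct dentry rootfs = { "", &rootfs }, mntdir = { "mnt", &rootfs };
static struct dentry a = { "a", &mntdir }, b = { "b", &mntdir };
static struct dentry data = { "", &data }, etc = { "etc", &data }, passwd = { "passwd", &etc };
static struct vfsmount root_mnt = { &rootfs, NULL, NULL };
static struct vfsmount mnt_a = { &data, &a, &root_mnt }, mnt_b = { &data, &b, &root_mnt };

int main(void) {
    char p[256];
    printf("dentry only: %s\n", model_path(NULL, &passwd, p, sizeof p));
    printf("via mnt_a:   %s\n", model_path(&mnt_a, &passwd, p, sizeof p));
    printf("via mnt_b:   %s\n", model_path(&mnt_b, &passwd, p, sizeof p));
}
```

The same dentry yields one filesystem-relative path without a mount and two different namespace paths with one, which is the distinction a pathname-based check or an audit record depends on.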