| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200710022233.ICD81749.LJFFHOtOSVOFQM@I-love.SAKURA.ne.jp> Date: Tue, 2 Oct 2007 22:33:40 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: jmorris@...ei.org Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, chrisw@...s-sol.org Subject: Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux. Hello. James Morris wrote: > Why do you need racy unlocked versions, in addition to the existing > security_task_kill() hook which is called safely via > check_kill_permission() ? TOMOYO Linux provides "delayed enforcing mode" which allows administrator judge interactively for requests that violated policy. Sometimes, especially after updating software packages, irregular behavior arise. So, the administrator prepares for such irregular behavior by invoking "ccs-queryd" userland program. The "ccs-queryd" prints the contents of policy violation and asks the administrator whether to grant the request that violated policy. This can reduce the possibility of "restarting process failed due to permission denied". Thus, security_task_kill() which is called with tasklist_lock held is not what TOMOYO Linux wants. I know this approach is racy, but TOMOYO Linux wants these unlocked versions to avoid failure due to permission denial caused by MAC's policy. Regards. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists