| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <27904.1198862631@turing-police.cc.vt.edu>
Date: Fri, 28 Dec 2007 12:23:51 -0500
From: Valdis.Kletnieks@...edu
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: serue@...ibm.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: TOMOYO Linux Security Goal
On Fri, 28 Dec 2007 23:32:09 +0900, Tetsuo Handa said:
> You can run your system with only policy collected by learning mode.
> Thus, you basically don't need manual intervention.
> But since there are randomly named files (i.e. temporary files),
> you pay a little time to modify policy.
>
> The learning mode is to save time for permitting commonly accessed resources.
> Administrator reviews policy collected by learning mode. Thus the readability
> of policy is important so that administrator can understand what he/she is
> going to allow or reject.
Please make a *big* notation someplace that "learning mode" is quite likely to
*not* produce a totally correct policy. In particular, it won't build rules for
infrequently used code paths (such as error handling) unless you find a way to
exercise those paths while in learning mode.
Particularly fun - when learning mode doesn't create an entry for the logfile
for I/O errors. Then when one actually happens, you have no idea what it was...
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists