lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Feb 2008 01:22:29 +0200
From:	"Ahmed S. Darwish" <darwish.07@...il.com>
To:	Chris Wright <chrisw@...s-sol.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	Casey Schaufler <casey@...aufler-ca.com>,
	David Woodhouse <dwmw2@...radead.org>
Cc:	linux-security-module@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>,
	akpm <akpm@...ux-foundation.org>
Subject: [PATCH -mm 0/4] LSM interfaced Audit (SELinux audit separation)

Hi everybody,

This is a beginning of work (started and suggested by Casey Schaufler)
to let Audit be LSM neutral. This is done for proper audit<->SMACK 
integration which will also be useful for any future LSM.

What follows is four patches to remove the following exported 
SElinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid) 
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)

and substitue them respectively with:
new LSM hook, inode_getsecid(inode, secid)
new LSM hook, ipc_getsecid*(ipcp, secid)
LSM hook, task_getsecid(tsk, secid)
LSM hook, sid_to_secctx(sid, ctx, len)

The work isn't complete yet, and those four patches are sent for
an early review. A new LSM interfaces/hooks will be created to
substitute the SELinux exported audit interfaces, thus completing
the separation.

It's worthy to note that those changes can be merged in
their current state. The tree is fully grepped to make sure
that no subsystem ,except the patched ones, will be affected
by this SELinux API breakage.

Diffstat:

 include/linux/security.h   |   23 +++++++++++++++-
 include/linux/selinux.h    |   62 ---------------------------------------------
 kernel/audit.c             |   14 +++++-----
 kernel/auditfilter.c       |    5 ++-
 kernel/auditsc.c           |   37 +++++++++++++-------------
 net/netlink/af_netlink.c   |    3 --
 security/dummy.c           |   16 ++++++++++-
 security/security.c        |   12 ++++++++
 security/selinux/exports.c |   42 ------------------------------
 security/selinux/hooks.c   |   19 ++++++++++++-
 10 files changed, 95 insertions(+), 138 deletions(-)

Thanks in advance for your reviews and comments.

-- 
Ahmed S. Darwish
Blog: http://darwish-07.blogspot.com
Homepage: http://darwish.07.googlepages.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ