| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Feb 2008 11:59:58 -0800 (PST) From: Casey Schaufler <casey@...aufler-ca.com> To: Stephen Smalley <sds@...ho.nsa.gov>, casey@...aufler-ca.com Cc: Dave Quigley <dpquigl@...ho.nsa.gov>, hch@...radead.org, viro@....linux.org.uk, trond.myklebust@....uio.no, bfields@...ldses.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, LSM List <linux-security-module@...r.kernel.org> Subject: Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name --- Stephen Smalley <sds@...ho.nsa.gov> wrote: > > On Thu, 2008-02-28 at 11:23 -0800, Casey Schaufler wrote: > ... > > LSM is not supposed to be only for MAC and it's not supposed > > to be only for label based schemes. It's supposed to be > > for additional security restrictions. Providing an interface > > that should be generally applicable with a name that > > constrains it to a specific subset of those schemes is wrong. > > Casey, you aren't listening (why am I surprised?). I think that I am listening, and I appologize for doing such a poor job of getting my view on the across. > This is an interface to be used by NFS to get information from the > security module. The information desired is specific to the MAC > labeling functionality in NFSv4 that is being proposed. Do you understand that if the functionality being proposed is specific to a particular file system it ought to be contained in that file system, not proposed as a part of the general purpose interface? > That > functionality is MAC specific (necessarily so, just like the ACL > functionality is ACL specific). The ACL funtionality over NFS could be done using general interfaces, and there are examples (e.g. Irix) where it has been done. I understand the rationale for the current implementation while disagreeing with that rationale. Further, there is a major difference between ACLs and a legitimate LSM (for MAC or DAC) in that ACLs are a change to the Linux access control scheme (they interact with the mode bits) whereas a legitimate LSM is strictly additional restrictions. > We are hiding the SELinux-specific bits > behind the LSM interface, and non-MAC LSMs are free to return NULL in > order to indicate that they don't support MAC labeling. We do NOT want > the capability module to return its security blob here, or any other > non-MAC LSM - it will yield the wrong semantics for the NFS MAC support. I should hope then that your SELinux specific NFS server should look at the name presented and treat it appropriately. > In any event, I don't think we need your permission. You're correct, you don't. You can propose anything you like. Don't take my criticisms personally, but I think you're wrong on this one. I don't like to see this unnecessary limitation, the kind that could haunt the code base for years, when it seems pretty obvious that it could be better. Casey Schaufler casey@...aufler-ca.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists