| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Jun 2008 06:49:06 -0600 From: Matthew Wilcox <matthew@....cx> To: Andreas Gruenbacher <agruen@...e.de> Cc: Miklos Szeredi <miklos@...redi.hu>, hch@...radead.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org, jmorris@...ei.org, sds@...ho.nsa.gov, eparis@...hat.com, casey@...aufler-ca.com, jjohansen@...e.de, penguin-kernel@...ove.sakura.ne.jp, viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org Subject: Re: [patch 01/15] security: pass path to inode_create On Mon, Jun 02, 2008 at 02:45:10PM +0200, Andreas Gruenbacher wrote: > Without the vfsmount, when something is mounted in more than once place, you > cannot report which of the name aliases a process is accessing. This is > unacceptable; the logs would become unusable. With pathname-based, the > AppArmor and TOMOYO folks really mean pathname-based, not a hybrid pathname / > mount point model. audit_getname manages to do this. You're just not thinking hard enough ;-) > One consequence of this is that pathname-based models must control who is > allowed to create aliases where, of course. Absolutely. -- Intel are signing my paycheques ... these opinions are still mine "Bill, look, we understand that you're interested in selling us this operating system, but compare it to ours. We can't possibly take such a retrograde step." -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists