lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.1.10.0809222310450.25430@asgard.lang.hm>
Date:	Mon, 22 Sep 2008 23:12:44 -0700 (PDT)
From:	david@...g.hm
To:	James Morris <jmorris@...ei.org>
cc:	Kentaro Takeda <takedakn@...data.co.jp>,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	Toshiharu Harada <haradats@...data.co.jp>
Subject: Re: [PATCH] Introduce new LSM hooks where vfsmount is available.

On Tue, 23 Sep 2008, James Morris wrote:

> On Wed, 17 Sep 2008, Kentaro Takeda wrote:
>
>> TOMOYO Linux needs method for calculating pathname in LSM module.
>> However, we have received comment from Al Viro, the vfs maintainer,
>> that adding vfsmount parameter to vfs helper functions (and LSM hooks)
>> is not preferable. We have asked some people (including Al), and we
>> came back to the most straightforward approach; adding new LSM hooks
>> where vfsmount is available.
>>
>> The attached patch introduces several new LSM hooks TOMOYO Linux
>> needs. It has less impact to existing LSM module and no impact to vfs
>> helper functions. Please review it.
>
> I don't see any technical errors in this patch.
>
> If it is going to be merged, please make a new config option for
> path-based hooks (similar to that for the network hooks), so they can be
> compiled out.

one question about these new hook locations.

it is possible to gather all the info that was gathered at the old hook 
locations from the new ones? I realize that you are not eliminating the 
old hooks (and possibly can't for backwards compatibility), but possibly 
they should be depriciated in favor of the new locations if they can 
satisfy both the old uses and new use cases.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ