lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Dec 2008 11:55:28 -0500 From: Eric Paris <eparis@...hat.com> To: James Morris <jmorris@...ei.org> Cc: Al Viro <viro@...IV.linux.org.uk>, linux-audit@...hat.com, linux-kernel@...r.kernel.org, Al Viro <viro@....linux.org.uk> Subject: Re: [PATCH 3/15] sanitize audit_ipc_obj() On Wed, 2008-12-17 at 20:53 +1100, James Morris wrote: > On Wed, 17 Dec 2008, Al Viro wrote: > > > On Wed, Dec 17, 2008 at 06:24:40PM +1100, James Morris wrote: > > > On Wed, 17 Dec 2008, Al Viro wrote: > > > > > > > + struct { > > > > + uid_t uid; > > > > + gid_t gid; > > > > + mode_t mode; > > > > + u32 osid; > > > > + } ipc; > > > > > > 'osid' should be converted into 'secid' someday. > > > > Eh? Do you mean the field name there or the actual output? Either is > > trivial, of course, but the latter is up to userland folks and the > > former alone seems to be rather pointless... > > I was thinking in terms of the kernel API, where 'secid' is the preferred > name for security identifiers ('sid' being an SELinux-specific term and > also conflicting with 'session id'). Given that it's exposed to userland, > I guess it's too late. James meant just do s/osid/secid/ for continuity across the kernel (we are trying to make the main kernel a bit more LSM agnostic and sid is an SELinux term). The userspace exported part is actually a translated string (I think we use ocontext= and scontext=). There is no reason we couldn't do this in audit. But, I don't think it's worth changing this patch, as I think audit refers to it as sid in other places. Maybe I'll try to clean that up someday. I at least added it to my "someday" todo list. -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists