| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090106164727.GC9773@us.ibm.com> Date: Tue, 6 Jan 2009 10:47:27 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: David Howells <dhowells@...hat.com> Cc: James Morris <jmorris@...ei.org>, Christoph Hellwig <hch@....de>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, Stephen Rothwell <sfr@...b.auug.org.au>, Andrew Morgan <morgan@...nel.org> Subject: Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2] Quoting David Howells (dhowells@...hat.com): > Serge E. Hallyn <serue@...ibm.com> wrote: > > > You have the 'acting_as' name for subj/eff, which I like. Is there > > another name you could use in place of 'real' in the name > > task_real_capable()? > > Ummm... 'Actual' or 'Assigned' perhaps? > > > I do find this version much easier to read. It seems easier to > > track capable+current_cred() vs real_capable+get_task_cred(). Could > > you do a few benchmarks to gauge whether the difference the > > optimization makes? > > Yeah... My main objection is passing around two or three superfluous arguments > in the common case. Most of the time, the only necessary argument to > sec->capable(): > > int (*capable) (struct task_struct *tsk, const struct cred *cred, > int cap, int audit); > > is cap; tsk, cred and audit are all superfluous in the (very) common case. > > How about: > > int (*fast_capable) (int cap); > > which assumes current, current_cred() and SECURITY_CAP_AUDIT? Well I'd rather it be called acting_capable() or self_acting_capable(), but the realy issue is how to make that work through the security_ops() layer without needless code duplication. It'd be ideal if it's doable, I agree. > Benchmarking is tricky, given that the individual savings will be relatively > small in comparison to the code that calls them. > > However, if I can get rid of three arguments passed into each of > security_capable(), selinux_capable() and cap_capable(), that really should > speed things up if you call it enough times, especially as current is held in a > register on some archs. > > I'll see what I can do. > > > I'm looking at a several-week-old linux-next, but only see one use of > > capable on another task which audits, and that is in commoncap for > > traceme, so it seems reasonable. > > Should has_capability() be out of lines and have security_real_capable() merged > into it? And the same for has_capability_noaudit() and > security_real_capable_noaudit()? > > > So yeah, I do like this version better. > > Perhaps a separate patch to optimise capable(). As I said, I'll see about > benchmarking it. Cool, thanks. In the meantime, I guess your first patch is in security-next anyway, right? -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists