| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Mar 2009 09:51:25 -0400 From: Paul Moore <paul.moore@...com> To: Miloslav Trmac <mitr@...hat.com> Cc: viro <viro@...iv.linux.org.uk>, Eric Paris <eparis@...hat.com>, "linux-kernel" <linux-kernel@...r.kernel.org>, linux-audit@...hat.com Subject: Re: [PATCH] Add SELinux context and TTY name to AUDIT_TTY records On Friday 20 March 2009 04:53:27 am Miloslav Trmac wrote: > ----- "Paul Moore" <paul.moore@...com> wrote: > > There are several audit experts which should review this code but two > > things jumped out at me when glancing at your patch: > > > > 1. SELinux SIDs should not be recorded > > Almost all code that logs SELinux contexts in kernel/audit* does the same > thing as this patch, falling back to a SID if it can't be converted to a > string. Ungh, that's ugly and questionably useful (I suppose I know why this is done) but if that convention then who am I to argue. > > 2. From a SELinux/security point of view ttys are considered objects > > and their labels/contexts should be recorded with "obj=" not > > "subj=" > > The patch logs the context of the process, not of the TTY. Okay, that is what I get for just glancing at patches and not looking at them closer :) -- paul moore linux @ hp -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists