lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 6 Apr 2009 09:33:16 +1000 (EST)
From:	James Morris <jmorris@...ei.org>
To:	"David P. Quigley" <dpquigl@...ho.nsa.gov>
cc:	casey@...aufler-ca.com, sds@...ho.nsa.gov,
	"Matthew N. Dodd" <matthew.dodd@...rta.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
	labeled-nfs@...ux-nfs.org
Subject: Re: [PATCH 08/14] NFSv4: Add label recommended attribute and NFSv4
 flags

On Fri, 3 Apr 2009, David P. Quigley wrote:

> On Fri, 2009-04-03 at 22:43 +1100, James Morris wrote:
> > On Fri, 3 Apr 2009, David P. Quigley wrote:
> > 
> > > We tried to change this to be dynamically allocated based on what was
> > > coming off of the wire but we ran into a problem that it required us to
> > > do allocations where they really shouldn't be done in the rpc/nfsv4
> > > code. Trond suggested to make this static and that if someone really
> > > needed more than a page for their label that something was horrifically
> > > wrong. I'm tempted to agree with him on this but there are people trying
> > > to send contexts with an MLS component with every other compartment set
> > > which tend to be really large. 
> > 
> > Well, future labels might include cryptographic information, for example.
> > 
> 
> <removing people from the CC who probably don't care about this>
> 
> Could you expand on why this might be needed or what applications would
> use this? It's unclear to me what sort of crypto information would be in
> a context. I know the ecryptfs guys were trying to make crypto decisions
> based on SELinux context in some cases but I never heard of wanting to
> put that kind of information into the context.

Potentially as part of a mandatory cryptographic policy, although the 
exact form of the labeling is unknown.

But the main point is that we should not needlessly limit the flexibility 
of the system.

-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ