lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 07 Jun 2009 02:08:21 -0400
From:	Mimi Zohar <>
To:	Linus Torvalds <>
Cc:	Hugh Dickins <>,
	Mimi Zohar <>,
	Andrew Morton <>,
	Serge Hallyn <>,
	James Morris <>,
	Al Viro <>,
Subject: Re: [PATCH] integrity: fix IMA inode leak

On Sat, 2009-06-06 at 14:18 -0700, Linus Torvalds wrote:
> On Sat, 6 Jun 2009, Hugh Dickins wrote:
> >
> > CONFIG_IMA=y inode activity leaks iint_cache and radix_tree_node objects
> > until the system runs out of memory.  Nowhere is calling ima_inode_free()
> > a.k.a. ima_iint_delete().  Fix that by calling it from destroy_inode().
> Shouldn't we call it from "security_inode_free()" instead? And shouldn't 
> it be allocated in "security_inode_alloc()"? That sounds like the correct 
> nesting here, since the whole integrity thing is under the security 
> module.
> Hmm?
> 		Linus

Mandatory Access Control(MAC) modules (i.e. SELinux, smack, etc) and
integrity (i.e IMA) are two different aspects of security.  The LSM
hooks, which includes security_inode_free(), are used to implement MAC,
not integrity.

Mimi Zohar

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists