| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.0906090912120.6132@tundra.namei.org>
Date: Tue, 9 Jun 2009 09:16:21 +1000 (EST)
From: James Morris <jmorris@...ei.org>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Hugh Dickins <hugh.dickins@...cali.co.uk>,
Mimi Zohar <zohar@...ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Serge Hallyn <serue@...ibm.com>,
Al Viro <viro@...iv.linux.org.uk>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
David Safford <safford@...son.ibm.com>
Subject: Re: [PATCH] integrity: fix IMA inode leak
On Mon, 8 Jun 2009, Mimi Zohar wrote:
>
> Ok, so instead of having a full fledge single security layer, only add
> the security layer for those places where both the LSM hooks and IMA
> co-exist: security_file_mmap, security_bprm_check, security_inode_alloc,
> security_inode_free, and security_file_free. As the LSM hooks are called
> 'security_XXXX', the call would look something like:
>
> security_all_inode_free() {
> ima_inode_free()
> security_inode_free()
> }
Yes, it only needs to be a wrapper. The above is ugly, how about:
security_inode_free()
{
ima_inode_free();
lsm_inode_free();
}
I think we may have come full circle on the naming of the LSM hook, but
'security_*' was never great given that it's only supposed to be covering
access control.
--
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists