Message-ID: <20090926213528.GB23564@c.hsd1.tn.comcast.net>
Date: Sat, 26 Sep 2009 21:35:28 +0000
From: Andy Spencer <andy753421@...il.com>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC][PATCH] Privilege dropping security module
> It's amazing how much of this stuff there is to attend to. If you
> haven't, run checkpatch.py on your patches. You'll need to pass that
> eventually.
I've fixed the remaining things that checkpatch.pl suggests as well as a
few others and will include those checks for future patches.
> Hmm. You are working with the Linux DAC mechanism, even if only within
> a process tree. You're not dropping privilege, you're applying a mask
> to the file permission bits, currently for file system objects, and
> with other objects (sysvipc at least) in the future. Hmm. modemask?
> Something derived from "restricted process tree?"
`Access Control Masking' or `Policy Masking' perhaps?
> You will need to change that if you want the code upstream. There are
> people lurking out there, looking for things that could be static but
> aren't and pouncing on unwary developers.
I noticed that `make namespacecheck' complained about that as well, so I
went ahead and made those static.
> Please repost against the mainline. I will look at the semantics of
> the code next time around.
I'll repost in a couple days once I've worked in a few more suggestions.
(and hopefully with a new name)