| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100803170749.GI3948@outflux.net> Date: Tue, 3 Aug 2010 10:07:49 -0700 From: Kees Cook <kees.cook@...onical.com> To: Christian Stroetmann <stroetmann@...olinux.com> Cc: James Morris <jmorris@...ei.org>, linux-kernel <linux-kernel@...r.kernel.org>, linux-fsdevel <linux-fsdevel@...r.kernel.org>, linux-security-module <linux-security-module@...r.kernel.org> Subject: Re: Preview of changes to the Security susbystem for 2.6.36 On Mon, Aug 02, 2010 at 07:33:26PM +0200, Christian Stroetmann wrote: > structure of the other LSMs, especially if it becomes large and in > this way important to be followed by only growing it with > functionalities taken from other security packages. If you say that > the way of the Yama LSM is the right way to do it in general, then > we don't need a new LSM like Yama, but a new LSM architecture. Well, trying to get these protections into mainline does seem to be demonstrating a need for some kind of security architecture that isn't LSM. As for chaining, I was considering introducing basic "first non-zero return code wins" chain of LSMs, but the chain could include only up to 1 LSM that implements the proc attr hook (though the prctl handler isn't non-zero but rather non-ENOSYS). -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists