lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101018171046.GE8332@bombadil.infradead.org>
Date:	Mon, 18 Oct 2010 13:10:46 -0400
From:	Kyle McMartin <kyle@...artin.ca>
To:	Eric Paris <eparis@...hat.com>
Cc:	Kyle McMartin <kyle@...artin.ca>, James Morris <jmorris@...ei.org>,
	Christoph Hellwig <hch@...radead.org>,
	kernel@...ts.fedoraproject.org, Mimi Zohar <zohar@...ibm.com>,
	warthog9@...nel.org, Dave Chinner <david@...morbit.com>,
	linux-kernel@...r.kernel.org, "H. Peter Anvin" <hpa@...or.com>,
	Serge Hallyn <serue@...ibm.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: ima: use of radix tree cache indexing == massive waste of memory?

On Mon, Oct 18, 2010 at 12:48:54PM -0400, Eric Paris wrote:
> I'll can address this on the fedora list, but I think this is the wrong
> approach.  IMA is supposed to be of negligible impact when not 'enabled'
> and I believe the right solution is to fix places where that isn't true.
> At the moment 3 have been identified.
> 

My beef is #2, which is what I want to see solved. If there's a million
people using Fedora, and 2 people use IMA, that's an awful lot of bytes
that could be otherwise used.

I think it should be entirely opt in, with a CONFIG_IMA_DEFAULT_ON or
something like we do for security hooks.

Anyway, If you can address #2, then I'm happy having it enabled. If it's
taken us this long to notice the impact, then it doesn't seem to be
all that large in the general case, and if it can be reduced, then that
should make everyone happy.

--Kyle
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ