Message-ID: <19654.57160.616600.480900@quad.stoffel.home>
Date:	Tue, 26 Oct 2010 10:01:44 -0400
From:	"John Stoffel" <john@...ffel.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Christoph Hellwig <hch@...radead.org>,
	"J.H." <warthog9@...nel.org>, John Stoffel <john@...ffel.org>,
	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, zohar@...ibm.com,
	david@...morbit.com, jmorris@...ei.org, kyle@...artin.ca,
	hpa@...or.com, akpm@...ux-foundation.org, mingo@...e.hu,
	viro@...iv.linux.org.uk
Subject: Re: [PATCH 01/11] IMA: use rbtree instead of radix tree for inode
 information cache

>>>>> "Linus" == Linus Torvalds <torvalds@...ux-foundation.org> writes:

Linus> On Mon, Oct 25, 2010 at 1:57 PM, Christoph Hellwig <hch@...radead.org> wrote:
>> 
>> Kyle sent a very useful patch to simply disable the ima tracking unless
>> you enable it on the command line.

Linus> And exactly how does that invalidate _any_ of the patches in
Linus> the IMA series in question? All of them are basically still
Linus> equally valid.

Well, if we're going to keep IMA as an option, then this cleanup is
certainly worthwhile.  And keeping its impact down as much as
possible is even better.

Linus> And the "four bytes in 'struct inode' is a total no-no" crowd
Linus> clearly haven't looked at struct inode. As mentioned, we've got
Linus> things like quota stuff there too.

Quota is arguably much more useful than IMA, and to a much larger
audience.  There's a reason it's in there.  As a SysAdmin, one of my
major gripes is how hard it is to manage disk space usage by my users
and track it in useful ways.

Quotas allow me to do a quicker, more targeted response when disk
space fills up and I need to find the biggest users.  Would I like
better quota reporting?  Sure!  Do I want more overhead?  Not so much.
It's a balancing act.

Linus> And quite frankly, it sounds like the right thing to do for
Linus> Fedora &co is to simply _disable_ CONFIG_IMA. If there is no
Linus> support for it on a distro level, then you shouldn't enable it.

So the Kconfig should have 'default N' for IMA then?

John
