| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 May 2011 20:55:40 -0400 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: Casey Schaufler <casey@...aufler-ca.com> Cc: Steven Whitehouse <swhiteho@...hat.com>, linux-security-module@...r.kernl.org, cluster-devel@...hat.com, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, James Morris <jmorris@...ei.org>, David Safford <safford@...son.ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, Greg KH <greg@...ah.com>, Dmitry Kasatkin <dmitry.kasatkin@...ia.com>, Mimi Zohar <zohar@...ibm.com>, Stephen Smalley <sds@...ho.nsa.gov>, Eric Paris <eparis@...hat.com> Subject: Re: [PATCH v5 13/21] evm: add evm_inode_post_init call in gfs2 On Mon, 2011-05-16 at 12:25 -0700, Casey Schaufler wrote: > On 5/16/2011 11:48 AM, Mimi Zohar wrote: > > On Mon, 2011-05-16 at 11:23 -0700, Casey Schaufler wrote: > >> There is a very real possibility that multiple concurrent LSMs will > >> be supported before too long. Smack already uses multiple attributes > >> (SMACK64, SMACK64EXEC) on a file. Getting all the attributes in a > >> single call could result in an interface that requires parsing a > >> string argument, and we all know how popular those are. Introducing > >> an interface that we know isn't going to accommodate this upcoming > >> direction does not seem prudent. > > I would think that Smack would benefit from Steven's suggestion of > > returning an array of xattrs. Without his suggestion, I'm not sure how > > you are, or planning on, initializing multiple xattrs from a single LSM, > > unless of course you're not using security_inode_init_security(). > > The good news is that Smack has one required attribute. The others > are for special purposes and will usually be absent. It is easy to > imagine an LSM that always uses multiple attributes on a given file. > > Yes, the array of xattr structures makes sense for any one LSM, > but there still needs to be the potential for multiple calls for > the multiple LSM case. I can't see that going away without a radical > LSM restructuring. > > > Multiple LSMs calling security_inode_init_security() will be an issue > > for EVM, as EVM assumes there is a single LSM xattr on which to base the > > initial hmac. > > That is far from the biggest issue with multiple LSMs, but is definitely > something to worry about. Ok. After thinking about this a bit more, moving evm_inode_init_security() into security_inode_init_security() only works for the single LSM and EVM case, but not for the multiple LSMs and EVM case, as the 'stacker' would call each LSM's security_inode_iint_security(). Having the 'stacker' return an array of xattrs would make sense and, at the same time, resolve the EVM issue. In evm_inode_post_init_security(), EVM could then walk the list of xattrs. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists