| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jJ4h+uCF50DqbLe1m6CRr_Mw3pWq4mEm8nRtDPKV9C2Rg@mail.gmail.com> Date: Fri, 18 Nov 2011 13:39:38 -0800 From: Kees Cook <keescook@...omium.org> To: oleg@...hat.com Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, James Morris <jmorris@...ei.org>, roland@...k.frob.com Subject: Re: [PATCH v6 0/3] security: Yama LSM On Thu, Nov 17, 2011 at 8:17 PM, James Morris <jmorris@...ei.org> wrote: > On Wed, 26 Oct 2011, Kees Cook wrote: > >> As discussed at the Linux Security Summit, I'm resubmitting this >> code. As an LSM, it has coherent policy around expanding specific DAC >> behaviors. There is no need for it to be a full-blown MAC, since it is >> not intended to be one, but rather to be a simplified expansion to DAC, >> with system-wide knobs. See the specific patches for details... > > In principle, Yama can be merged, however there are features with > unresolved upstream naks: > > - Handling symlinks in sticky directories > - The ptrace tracker > > These still need to be resolved. Oleg, Roland, Do you have any objection to my LSM performing ptrace restrictions? It's entirely self-contained, and all the major upstream crash handlers are already using the prctl() interface it uses to declare ptrace attach relationships. Thanks, -Kees -- Kees Cook ChromeOS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists