| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111219194136.GG12321@outflux.net> Date: Mon, 19 Dec 2011 11:41:36 -0800 From: Kees Cook <keescook@...omium.org> To: James Morris <jmorris@...ei.org> Cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Roland McGrath <roland@...k.frob.com> Subject: Re: [kernel-hardening] [PATCH 2/2] security: Yama LSM Hi James, On Mon, Dec 19, 2011 at 11:33:10AM +1100, James Morris wrote: > On Thu, 15 Dec 2011, Kees Cook wrote: > > +#ifdef CONFIG_SECURITY_YAMA > > + ns->ptrace_scope = parent_pid_ns->ptrace_scope; > > +#endif > > + > > I'd like to see this implemented as an LSM hook, something like > security_ptrace_set_scope(). I must be dense, but I fail to understand the purpose of this. The "ptrace scope" implemented by Yama is a sysctl, not an system interface. I don't understand why (or where) other LSMs would want to catch changing this. Can you explain what you're looking for in more detail? -Kees -- Kees Cook -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists