lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 May 2012 17:37:46 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	Eric Paris <eparis@...isplace.org>, Mimi Zohar <zohar@...ibm.com>,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency

So here's a COMPLETELY UNTESTED patch that does what I think might be
the right thing.

To simplify the calling convention, I'm just making the security layer
compute the whole "requested protections" vs "actual protections". It
might be a good idea to have a helper function to do that, of course,
but that sounds like an independent cleanup (the mprotect() code also
has this same logic, and does it incompletely).

It does change some things, like say that "->mmap_file()" is only ever
called for actual files, not for anonymous mappings. It doesn't seem
to be sensible to have a security model for anonymous mappings -
there's nothing there to really target. Whatever.

It also makes security_mmap_addr() always call the standard capability
check (*after* having called the security model version), so the
security model no longer needs to care. All of them did seem to do so.

And again: this is totally untested. I'm not committing this, it's
more of a "hey, I tried it out, might as well send it out for
comments" thing.

                      Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ