lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53346891.5030806@tycho.nsa.gov>
Date:	Thu, 27 Mar 2014 14:06:09 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Richard Guy Briggs <rgb@...hat.com>,
	James Morris <jmorris@...ei.org>,
	Steve Grubb <sgrubb@...hat.com>, Eric Paris <eparis@...hat.com>
CC:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	peterz@...radead.org, paulmck@...ux.vnet.ibm.com,
	laijs@...fujitsu.com, akpm@...ux-foundation.org, joe@...ches.com,
	keescook@...omium.org, geert@...ux-m68k.org, jkosina@...e.cz,
	viro@...iv.linux.org.uk, davem@...emloft.net,
	linux-kernel@...r.kernel.org, mingo@...e.hu, rostedt@...dmis.org,
	tglx@...utronix.de, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] LSM: Pass comm name via get_task_comm() [was: Re: [PATCH]
 Change task_struct->comm to use RCU.]

On 03/27/2014 01:20 PM, Richard Guy Briggs wrote:
> On 14/03/12, James Morris wrote:
>> On Tue, 11 Mar 2014, Tetsuo Handa wrote:
>>
>>> And the same phrase goes to James Morris...
>>>
>>> If you are sure that it is safe to use get_task_comm() from
>>> dump_common_audit_data() and you prefer locked version, please pick up below
>>> patch via your git tree.
>>>
>>> If you are unsure or prefer lockless version, I'll make a lockless version
>>> using do_get_task_comm() proposed in this thread.
>>
>> If you can't understand whether your patch is correct or not, don't ask me 
>> to apply it to my tree.
>>
>> If you're unsure, get it reviewed first.
> 
> Steve (see https://lkml.org/lkml/2014/3/11/218 ) and James,
> 
> Are the labels on data output in LSM_AUDIT_DATA_TASK even right?  The
> general case gives pid and comm of current.  Then the
> LSM_AUDIT_DATA_TASK case gives pid and comm from the task handed in in
> the struct common_audit_data pointer.  They are a duplicate of the
> general case without generating a new message.  I expect this will cause
> ausearch to ignore those latter two fields.  Should the latter two be
> renamed to something like ad_pid= and ad_comm= ?

Hmmm..only seems to be used by Smack.
SELinux had a tsk field in common_audit_data that was removed by
b466066.  This other tsk field seems to have been added for Smack by
6e837fb.

That said, it would be nice to have pid/comm info for the target of a
signal check as well as current.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ