lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHse=S_wZez=XOfGwkCCWXGMAFj3ivbL9g93RX66bOw3cYw1kQ@mail.gmail.com>
Date:	Wed, 2 Jul 2014 18:09:27 +0100
From:	David Drysdale <drysdale@...gle.com>
To:	Paul Moore <paul@...l-moore.com>
Cc:	Andy Lutomirski <luto@...capital.net>,
	LSM List <linux-security-module@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Meredydd Luff <meredydd@...atehouse.org>,
	Kees Cook <keescook@...omium.org>,
	James Morris <james.l.morris@...cle.com>,
	Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH 09/11] capsicum: implementations of new LSM hooks

On Wed, Jul 2, 2014 at 2:49 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Monday, June 30, 2014 09:05:38 AM Andy Lutomirski wrote:
>> On Mon, Jun 30, 2014 at 3:28 AM, David Drysdale <drysdale@...gle.com> wrote:
>> > If the LSM does not provide implementations of the .file_lookup and
>> > .file_install LSM hooks, always use the Capsicum implementations.
>> >
>> > The Capsicum implementation of file_lookup checks for a Capsicum
>> > capability wrapper file and unwraps to if the appropriate rights
>> > are available.
>> >
>> > The Capsicum implementation of file_install checks whether the file
>> > has restricted rights associated with it.  If it does, it is replaced
>> > with a Capsicum capability wrapper file before installation into the
>> > fdtable.
>>
>> I think I fall on the "no LSM" side of the fence.  This kind of stuff
>> should be available regardless of selected LSM (as it is in your
>> code) ...
>
> I agree.  Looking quickly at the patches, the code seems to take an odd
> approach of living largely outside the LSM framework, but then relying on a
> couple of LSM hooks.  Capsicum should either live fully as a LSM or fully
> outside of it, this mix seems a bit silly to me.

Yeah, the end result was definitely a bit odd, hence the queries in the
cover email.  The consensus so far seems to be that they don't help,
so I'll remove the gratuitous LSM hooks on the next iteration.

Thanks,
David

> --
> paul moore
> www.paul-moore.com
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ