| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Sep 2014 23:30:14 -0400 From: Richard Guy Briggs <rgb@...hat.com> To: Stephen Smalley <sds@...ho.nsa.gov> Cc: James Morris <jmorris@...ei.org>, Steve Grubb <sgrubb@...hat.com>, Eric Paris <eparis@...hat.com>, Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, peterz@...radead.org, paulmck@...ux.vnet.ibm.com, laijs@...fujitsu.com, akpm@...ux-foundation.org, joe@...ches.com, keescook@...omium.org, geert@...ux-m68k.org, jkosina@...e.cz, viro@...iv.linux.org.uk, davem@...emloft.net, linux-kernel@...r.kernel.org, mingo@...e.hu, rostedt@...dmis.org, tglx@...utronix.de, linux-security-module@...r.kernel.org Subject: Re: [PATCH] LSM: Pass comm name via get_task_comm() [was: Re: [PATCH] Change task_struct->comm to use RCU.] On 14/03/27, Stephen Smalley wrote: > On 03/27/2014 01:20 PM, Richard Guy Briggs wrote: > > On 14/03/12, James Morris wrote: > >> On Tue, 11 Mar 2014, Tetsuo Handa wrote: > >> > >>> And the same phrase goes to James Morris... > >>> > >>> If you are sure that it is safe to use get_task_comm() from > >>> dump_common_audit_data() and you prefer locked version, please pick up below > >>> patch via your git tree. > >>> > >>> If you are unsure or prefer lockless version, I'll make a lockless version > >>> using do_get_task_comm() proposed in this thread. > >> > >> If you can't understand whether your patch is correct or not, don't ask me > >> to apply it to my tree. > >> > >> If you're unsure, get it reviewed first. > > > > Steve (see https://lkml.org/lkml/2014/3/11/218 ) and James, > > > > Are the labels on data output in LSM_AUDIT_DATA_TASK even right? The > > general case gives pid and comm of current. Then the > > LSM_AUDIT_DATA_TASK case gives pid and comm from the task handed in in > > the struct common_audit_data pointer. They are a duplicate of the > > general case without generating a new message. I expect this will cause > > ausearch to ignore those latter two fields. Should the latter two be > > renamed to something like ad_pid= and ad_comm= ? > > Hmmm..only seems to be used by Smack. > SELinux had a tsk field in common_audit_data that was removed by > b466066. This other tsk field seems to have been added for Smack by > 6e837fb. > > That said, it would be nice to have pid/comm info for the target of a > signal check as well as current. Reviving a bit of an old thread... Probably the appropriate keywords would be opid= and ocomm= for the target (object). - RGB -- Richard Guy Briggs <rbriggs@...hat.com> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists