| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141109000757.GA23762@pix> Date: Sun, 9 Nov 2014 01:07:57 +0100 From: Karol Lewandowski <lmctlx@...il.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: Karol Lewandowski <k.lewandowsk@...sung.com>, pmoore@...hat.com, jkosina@...e.cz, linux-api@...r.kernel.org, linux-kernel@...r.kernel.org, john.stultz@...aro.org, arnd@...db.de, tj@...nel.org, desrt@...rt.ca, simon.mcvittie@...labora.co.uk, daniel@...que.org, dh.herrmann@...il.com, casey.schaufler@...el.com, marcel@...tmann.org, tixxdz@...ndz.org, javier.martinez@...labora.co.uk, alban.crequy@...labora.co.uk, linux-security-module@...r.kernel.org, r.krypa@...sung.com Subject: Re: [RFC PATCH 0/5] kdbus: add support for lsm On Fri, Nov 07, 2014 at 10:01:20AM -0800, Greg KH wrote: > On Fri, Oct 31, 2014 at 05:36:32PM +0100, Karol Lewandowski wrote: > > This is set of EXPERIMENTAL patches adding lsm support to kdbus. > > (Rebased on top of v3.17.) > > > > >From least to most invasive: > > > > - (1) kdbus: extend structures with security pointer for lsm > > > > Trivial. Applicable as-is. > > > > - (2) security: export security_file_receive for modules > > (3) kdbus: check if lsm permits installing received fds > > > > fd_install doesn't seem to consult LSM, these patches > > ensure that receiving process has the right to sent fds. > > > > Compile-tested only. > > > > - (4) security: introduce lsm hooks for kdbus > > (5) kdbus: make use of new lsm hooks > > > > Set of proof-of-concept hooks discussed previously with Paul Moore. > > > > kdbus integration patch (5) for review, but unlikely for integration > > at this stage. > > > > Likewise, compile-tested only. > > > > > > Karol Lewandowski (5): > > kdbus: extend structures with security pointer for lsm > > security: export security_file_receive for modules > > kdbus: check if lsm permits installing received fds > > security: introduce lsm hooks for kdbus > > kdbus: make use of new lsm hooks > > These looks reasonable to me, thanks for sending them. They will need > to be refreshed again after this next round of changes, but it shouldn't > be that hard to do so. Sure thing. For completness - there are accompanying Smack and SELinux patches that could go together with above patches, ie. https://github.com/lmctl/linux/commit/103c26fd27d1ec8c32d85dd3d85681f936ac66fb http://git.infradead.org/users/pcmoore/selinux/commitdiff/eef4844f91fef6092b6bfac941ebe7f18375be9d I've got some free time on my hands now, so I'll try to revisit these too. Cheers, Karol Lewandowski -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists