[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3827420.CeUHuNxA9P@tauon>
Date: Tue, 17 Mar 2015 15:59:48 +0100
From: Stephan Mueller <smueller@...onox.de>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] crypto: prevent helper ciphers from being allocated by users
Am Dienstag, 17. März 2015, 22:45:52 schrieb Herbert Xu:
Hi Herbert,
>On Tue, Mar 17, 2015 at 12:40:12PM +0100, Stephan Mueller wrote:
>> >How about adding a flag to all these internal algorithms and then
>> >change crypto_alg_mod_lookup to disable that flag by default?
>>
>> The issue with flags is the following: first we have to think about
>> whether we want a black list or white list approach. Your suggestion
>> implies a black list. Black lists for ensuring security is not good
>> IMHO as it has a tendency to miss cases. This especially applies to
>> this area where we have already an indicator for internal ciphers:
>> the prio is so low that it will never ever be selected based on the
>> name. Now, adding a flag means that we mark such an internal cipher
>> twice.
>
>Huh? Using prio is already a black list.
>
>In any case abusing the priority field like this is not acceptable,
>especially when the priority can be set from user-space.
I agree, I forgot about the priority being changable.
I will prepare a proposal with a flag.
>
>Cheers,
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists