Message-ID: <CA+5PVA6NO5_7s1XeM+c0=1X6kJ_RGG=y-8eGeWgTL-enty88mA@mail.gmail.com>
Date: Tue, 21 Jul 2015 16:09:16 -0400
From: Josh Boyer <jwboyer@...oraproject.org>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: Kees Cook <keescook@...omium.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
James Morris <james.l.morris@...cle.com>,
linux-doc@...r.kernel.org,
"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Yama: remove needless CONFIG_SECURITY_YAMA_STACKED

On Tue, Jul 21, 2015 at 3:48 PM, Casey Schaufler <casey@...aufler-ca.com> wrote:
> On 7/21/2015 12:09 PM, Kees Cook wrote:
>> Now that minor LSMs can cleanly stack with major LSMs, remove the unneeded
>> config for Yama to be made to explicitly stack. Just selecting the main
>> Yama CONFIG will allow it to work, regardless of the major LSM. Since
>> distros using Yama are already forcing it to stack, this is effectively
>> a no-op change.
>
> Today I can compile in all LSMs including Yama and pick the one I want.
> If we made your change it would be impossible to build in Yama and not
> use it. I suggest we hold off until after the security summit discussion

This is true, but it's also true regardless of stacking. If Yama had
a CONFIG_SECURITY_YAMA_ENABLED (or whatever bikeshed color), then you
could enable Yama and not use it, yes? It would also allow people to
default it as disabled, but then enable it at runtime via the
ptrace_scope sysctl.

josh