| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2016 14:41:57 -0400
From: Kees Cook <keescook@...omium.org>
To: Mickaël Salaün <mic@...ikod.net>,
James Morris <jmorris@...ei.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
"Luis R . Rodriguez" <mcgrof@...nel.org>,
Rusty Russell <rusty@...tcorp.com.au>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"# 3.4.x" <stable@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1] module: Fully remove the kernel_module_from_file hook
On Sat, Jul 9, 2016 at 2:19 PM, Mickaël Salaün <mic@...ikod.net> wrote:
> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
Oh, hrm, was that still in there? Thanks for the catch!
Acked-by: Kees Cook <keescook@...omium.org>
-Kees
>
> Signed-off-by: Mickaël Salaün <mic@...ikod.net>
> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Luis R. Rodriguez <mcgrof@...nel.org>
> Cc: Rusty Russell <rusty@...tcorp.com.au>
> Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
> include/linux/lsm_hooks.h | 1 -
> include/linux/security.h | 1 -
> 2 files changed, 2 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 7ae397669d8b..58c777ec8bcf 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1455,7 +1455,6 @@ union security_list_options {
> int (*kernel_act_as)(struct cred *new, u32 secid);
> int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
> int (*kernel_module_request)(char *kmod_name);
> - int (*kernel_module_from_file)(struct file *file);
> int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id);
> int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size,
> enum kernel_read_file_id id);
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 14df373ff2ca..2b8c7d2a3fd8 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -307,7 +307,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old);
> int security_kernel_act_as(struct cred *new, u32 secid);
> int security_kernel_create_files_as(struct cred *new, struct inode *inode);
> int security_kernel_module_request(char *kmod_name);
> -int security_kernel_module_from_file(struct file *file);
> int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
> int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
> enum kernel_read_file_id id);
> --
> 2.8.1
>
--
Kees Cook
Chrome OS & Brillo Security
Powered by blists - more mailing lists