| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201611012153.IHJ52634.OSOLMFFOFVQJtH@I-love.SAKURA.ne.jp>
Date: Tue, 1 Nov 2016 21:53:09 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: casey@...aufler-ca.com, linux-security-module@...r.kernel.org,
jmorris@...ei.org
Cc: john.johansen@...onical.com, paul@...l-moore.com,
keescook@...omium.org, sds@...ho.nsa.gov,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 1/3] LSM: Add /sys/kernel/security/lsm
Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c
> index f825304..f0a802ee 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -32,6 +32,7 @@
> /* Maximum number of letters for an LSM name string */
> #define SECURITY_NAME_MAX 10
>
> +char *lsm_names;
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> CONFIG_DEFAULT_SECURITY;
> @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str)
> }
> __setup("security=", choose_lsm);
>
> +static int lsm_append(char *new, char **result)
> +{
> + char *cp;
> +
> + if (*result == NULL) {
> + *result = kstrdup(new, GFP_KERNEL);
> + } else {
> + cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
> + if (cp == NULL)
> + return -ENOMEM;
> + kfree(*result);
> + *result = cp;
> + }
> + return 0;
> +}
> +
I didn't check past discussion, but how do you handle security_delete_hooks()
case (I mean, "selinux" will remain there when reading /sys/kernel/security/lsm
even after it is disabled at runtime)? I think holding module name as one of
"union security_list_options" members will avoid memory allocation handling
and simplify things.
Powered by blists - more mailing lists