Message-ID: <CAJHCu1K4g2==1oVosOHQeL251ct42tdo3MBUO84riYBBtQ8=oA@mail.gmail.com>
Date: Tue, 4 Jul 2017 12:12:34 +0200
From: Salvatore Mesoraca <s.mesoraca16@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Brad Spengler <spender@...ecurity.net>,
PaX Team <pageexec@...email.hu>,
Casey Schaufler <casey@...aufler-ca.com>,
James Morris <james.l.morris@...cle.com>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH 01/11] S.A.R.A. Documentation
2017-06-28 0:51 GMT+02:00 Kees Cook <keescook@...omium.org>:
> On Mon, Jun 12, 2017 at 9:56 AM, Salvatore Mesoraca
> <s.mesoraca16@...il.com> wrote:
>> Adding documentation for S.A.R.A. LSM.
>>
>> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@...il.com>
>> ---
>> Documentation/admin-guide/kernel-parameters.txt | 40 +++++
>> Documentation/security/00-INDEX | 2 +
>> Documentation/security/SARA.rst | 192 ++++++++++++++++++++++++
>> 3 files changed, 234 insertions(+)
>> create mode 100644 Documentation/security/SARA.rst
>>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index 0f5c3b4..f3ee12d 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -3702,6 +3702,46 @@
>> 1 -- enable.
>> Default value is set via kernel config option.
>>
>> + sara= [SARA] Disable or enable S.A.R.A. at boot time.
>> + If disabled this way S.A.R.A. can't be enabled
>> + again.
>> + Format: { "0" | "1" }
>> + See security/sara/Kconfig help text
>> + 0 -- disable.
>> + 1 -- enable.
>> + Default value is set via kernel config option.
>> +
>> + sara_usb_filtering= [SARA]
>> + Disable or enable S.A.R.A. USB Filtering at boot
>> + time.
>> + Format: { "0" | "1" }
>> + See security/sara/Kconfig help text
>> + 0 -- disable.
>> + 1 -- enable.
>> + Default value is 1.
>> +
>> + sara_usb_filtering_default= [SARA]
>> + Set S.A.R.A. USB Filtering default action.
>> + Format: { "a" | "d" }
>> + See security/sara/Kconfig help text
>> + a -- allow.
>> + d -- deny.
>> + Default value is set via kernel config option.
>> +
>> + sara_wxprot= [SARA] Disable or enable S.A.R.A. WX Protection
>> + at boot time.
>> + Format: { "0" | "1" }
>> + See security/sara/Kconfig help text
>> + 0 -- disable.
>> + 1 -- enable.
>> + Default value is 1.
>> +
>> + sara_wxprot_default_flags= [SARA]
>> + Set S.A.R.A. WX Protection default flags.
>> + Format: <integer>
>> + See S.A.R.A. documentation.
>> + Default value is set via kernel config option.
>> +
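Review bot: The sara_wxprot_default_flags= entry gives its format only as <integer> and refers to "S.A.R.A. documentation" without naming a file, so an administrator reading kernel-parameters.txt cannot tell which values are valid or what each bit does. Name Documentation/security/SARA.rst (created by this same patch) in that line and state the accepted range or flag bits next to the Format line. Separately, sara= states that disabling at boot cannot be undone, but sara_usb_filtering= and sara_wxprot= do not say whether the same applies to them, or whether they have any effect when sara=0; one sentence on each entry would remove the ambiguity.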
>
> As an organizational note, I would suggest making these all regular
> "module parameters", which would let them be automatically namespaced
> under "sara". For example "sara.enabled", "sara.wxprot", etc. For
> example, this is how LoadPin does it for "loadpin.enabled":
>
> /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
> module_param(enabled, int, 0);
> MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)");

I apologize for being so late in answering you.
I completely missed this email.
I'll follow your suggestion in v3, thank you.