lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180401200827.GA28101@mail.hallyn.com>
Date:   Sun, 1 Apr 2018 15:08:27 -0500
From:   "Serge E. Hallyn" <serge@...lyn.com>
To:     Masanobu Koike <masanobu2.koike@...hiba.co.jp>
Cc:     jmorris@...ei.org, serge@...lyn.com,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC v3 0/2] WhiteEgret LSM module

Quoting Masanobu Koike (masanobu2.koike@...hiba.co.jp):
...
> Assumptions and ToDos
> 
> At this stage, WhiteEgret assumes the following.
> Relaxing these assumptions are future works.
> - Root is not compromised. And using a whitelist and a WEUA
> requires root privilege.
> - WEUA is reliable.
> - It is allowed for scripting languages, e.g., Perl or Python,
> to read arbitrary scripts and to execute them.

Hi,

regardling the last one, do you have a plan for handling it?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ