| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99FC4B6EFCEFD44486C35F4C281DC6732148DCEC@ORSMSX110.amr.corp.intel.com>
Date: Tue, 30 Oct 2018 21:53:20 +0000
From: "Schaufler, Casey" <casey.schaufler@...el.com>
To: Tim Chen <tim.c.chen@...ux.intel.com>,
Jiri Kosina <jikos@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
CC: Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
"Hansen, Dave" <dave.hansen@...el.com>,
"Mallick, Asit K" <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
Waiman Long <longman9394@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
"Schaufler, Casey" <casey.schaufler@...el.com>,
linux-security-module <linux-security-module@...r.kernel.org>
Subject: RE: [Patch v4 13/18] security: Update security level of a process
when modifying its dumpability
> -----Original Message-----
> From: Tim Chen [mailto:tim.c.chen@...ux.intel.com]
> Sent: Tuesday, October 30, 2018 2:31 PM
> To: Schaufler, Casey <casey.schaufler@...el.com>; Jiri Kosina
> <jikos@...nel.org>; Thomas Gleixner <tglx@...utronix.de>
> Cc: Tom Lendacky <thomas.lendacky@....com>; Ingo Molnar
> <mingo@...hat.com>; Peter Zijlstra <peterz@...radead.org>; Josh Poimboeuf
> <jpoimboe@...hat.com>; Andrea Arcangeli <aarcange@...hat.com>; David
> Woodhouse <dwmw@...zon.co.uk>; Andi Kleen <ak@...ux.intel.com>;
> Hansen, Dave <dave.hansen@...el.com>; Mallick, Asit K
> <asit.k.mallick@...el.com>; Arjan van de Ven <arjan@...ux.intel.com>; Jon
> Masters <jcm@...hat.com>; Waiman Long <longman9394@...il.com>;
> linux-kernel@...r.kernel.org; x86@...nel.org; linux-security-module <linux-
> security-module@...r.kernel.org>
> Subject: Re: [Patch v4 13/18] security: Update security level of a process when
> modifying its dumpability
>
> On 10/30/2018 01:57 PM, Schaufler, Casey wrote:
>
> >
> > This isn't an LSM hook and hence does not belong in this file.
> > arch_set_security() isn't descriptive, and is in fact a bad choice
> > as task_struct has a field "security". This function has nothing
> > to do with the task->security field, which is what I would expect
> > based on the name.
> >
>
> What file will be a logical place for this function?
kernel/cpu.c ? You're working with CPU localized mitigations, right?
You don't want it under security/ as that's all supposed to
be bits of the LSM infrastructure.
> >> +
> >> +int update_process_security(struct task_struct *task)
> >
> > Again, this isn't an LSM hook and does not belong in this file.
> > Also again, "security" isn't descriptive in the name.
> >
>
> Thanks.
>
> Tim
Powered by blists - more mailing lists