lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191015080834.GB16814@infradead.org>
Date:   Tue, 15 Oct 2019 01:08:34 -0700
From:   Christoph Hellwig <hch@...radead.org>
To:     Daniel Colascione <dancol@...gle.com>
Cc:     linux-api@...r.kernel.org, linux-kernel@...r.kernel.org,
        lokeshgidra@...gle.com, nnk@...gle.com, nosh@...gle.com,
        timmurray@...gle.com
Subject: Re: [PATCH 2/7] Add a concept of a "secure" anonymous file

On Sat, Oct 12, 2019 at 12:15:57PM -0700, Daniel Colascione wrote:
> A secure anonymous file is one we hooked up to its own inode (as
> opposed to the shared inode we use for non-secure anonymous files). A
> new selinux hook gives security modules a chance to initialize, label,
> and veto the creation of these secure anonymous files. Security
> modules had limit ability to interact with non-secure anonymous files
> due to all of these files sharing a single inode.

Again please add Al.  Also explain what the problem would be to always
use a separate inode.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ