lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Feb 2020 10:26:01 -0500
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>,
        Tushar Sugandhi <tusharsu@...ux.microsoft.com>,
        joe@...ches.com, skhan@...uxfoundation.org,
        linux-integrity@...r.kernel.org
Cc:     sashal@...nel.org, nramas@...ux.microsoft.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 3/3] IMA: Add module name and base name prefix to log.

On Wed, 2020-02-12 at 09:29 -0500, Mimi Zohar wrote:
> On Tue, 2020-02-11 at 15:14 -0800, Tushar Sugandhi wrote:
> > The #define for formatting log messages, pr_fmt, is duplicated in
> > the
> > files under security/integrity.
> > 
> > This change moves the definition to security/integrity/integrity.h
> > and
> > removes the duplicate definitions in the other files under
> > security/integrity. Also, it adds KBUILD_MODNAME and
> > KBUILD_BASENAME prefix
> > to the log messages.
> > 
> > Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> > Reviewed-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
> > Suggested-by: Joe Perches <joe@...ches.com>
> > Suggested-by: Shuah Khan <skhan@...uxfoundation.org>
> 
> <snip>
> 
> > diff --git a/security/integrity/integrity.h
> > b/security/integrity/integrity.h
> > index 73fc286834d7..b1bb4d2263be 100644
> > --- a/security/integrity/integrity.h
> > +++ b/security/integrity/integrity.h
> > @@ -6,6 +6,12 @@
> >   * Mimi Zohar <zohar@...ibm.com>
> >   */
> >  
> > +#ifdef pr_fmt
> > +#undef pr_fmt
> > +#endif
> > +
> > +#define pr_fmt(fmt) KBUILD_MODNAME ": " KBUILD_BASENAME ": " fmt
> > +
> >  #include <linux/types.h>
> >  #include <linux/integrity.h>
> >  #include <crypto/sha.h>
> 
> Joe, Shuah, including the pr_fmt() in integrity/integrity.h not only
> affects the integrity directory but everything below it.  Adding
> KBUILD_BASENAME to pr_fmt() modifies all of the existing IMA and EVM
> kernel messages.  Is that ok or should there be a separate pr_fmt()
> for the subdirectories?

Log messages are often consumed by log monitors, which mostly use
pattern matching to find messages they're interested in, so you have to
take some care when changing the messages the kernel spits out and you
have to make sure any change gets well notified so the distributions
can warn about it.

For this one, can we see a "before" and "after" message so we know
what's happening?

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ