Message-ID: <1ce2b55e-5dd0-b147-5570-55e8db774055@linux.microsoft.com>
Date:   Fri, 13 Nov 2020 09:23:14 -0800
From:   Tushar Sugandhi <tusharsu@...ux.microsoft.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>, stephen.smalley.work@...il.com,
        casey@...aufler-ca.com, agk@...hat.com, snitzer@...hat.com,
        gmazyland@...il.com, paul@...l-moore.com
Cc:     tyhicks@...ux.microsoft.com, sashal@...nel.org, jmorris@...ei.org,
        nramas@...ux.microsoft.com, linux-integrity@...r.kernel.org,
        selinux@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, dm-devel@...hat.com
Subject: Re: [PATCH v5 3/7] IMA: add hook to measure critical data


>>> Including "data_source" here isn't quite right.  "data source" should
>>> only be added in the first patch which uses it, not here.   When adding
>>> it please shorten the field description to "kernel data source".   The
>>> longer explanation can be included in the longer function description.
>>>
>> *Question*
>> Do you mean the parameter @event_data_source should be removed from this
>> patch? And then later added in patch 7/7 – where SELinux uses it?
> 
> Data source support doesn't belong in this patch.  Each patch should do
> one logical thing and only that one thing.  This patch is adding
> support for measuring critical data.  The data source patch will limit
> the critical data being measured.
> 
> Other than updating the data source list in the documentation,
> definitely do not add data source support to the SELinux patch.
> 
> thanks,
> 
> Mimi
> 
Makes sense, I will move the data_source from this patch to a
separate one before SELinux.
And the SELinux patch will simply update the documentation.

Thanks Mimi.
