lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 10 Oct 2021 14:48:14 -0700
From:   Andrew Morton <>
To:     Mickaël Salaün <>
Cc:     Al Viro <>,
        Aleksa Sarai <>,
        Andy Lutomirski <>,
        Arnd Bergmann <>,
        Casey Schaufler <>,
        Christian Brauner <>,
        Christian Heimes <>,
        Deven Bowers <>,
        Dmitry Vyukov <>,
        Eric Biggers <>,
        Eric Chiang <>,
        Florian Weimer <>,
        Geert Uytterhoeven <>,
        James Morris <>, Jan Kara <>,
        Jann Horn <>, Jonathan Corbet <>,
        Kees Cook <>,
        Lakshmi Ramasubramanian <>,
        "Madhavan T . Venkataraman" <>,
        Matthew Garrett <>,
        Matthew Wilcox <>,
        Miklos Szeredi <>,
        Mimi Zohar <>,
        Paul Moore <>,
        Philippe Trébuchet 
        Scott Shell <>,
        Shuah Khan <>,
        Steve Dower <>,
        Steve Grubb <>,
        Thibaut Sautereau <>,
        Vincent Strubel <>,,,,,,
Subject: Re: [PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC)

On Fri,  8 Oct 2021 12:48:37 +0200 Mickaël Salaün <> wrote:

> The final goal of this patch series is to enable the kernel to be a
> global policy manager by entrusting processes with access control at
> their level.  To reach this goal, two complementary parts are required:
> * user space needs to be able to know if it can trust some file
>   descriptor content for a specific usage;
> * and the kernel needs to make available some part of the policy
>   configured by the system administrator.

Apologies if I missed this...

It would be nice to see a description of the proposed syscall interface
in these changelogs!  Then a few questions I have will be answered...

long trusted_for(const int fd,
		 const enum trusted_for_usage usage,
		 const u32 flags)

- `usage' must be equal to TRUSTED_FOR_EXECUTION, so why does it
  exist?  Some future modes are planned?  Please expand on this.

- `flags' is unused (must be zero).  So why does it exist?  What are
  the plans here?

- what values does the syscall return and what do they mean?

Powered by blists - more mailing lists