lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y1jL8ZiCO+a7n8Wz@kroah.com>
Date:   Wed, 26 Oct 2022 07:56:01 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Casey Schaufler <casey@...aufler-ca.com>
Cc:     casey.schaufler@...el.com, paul@...l-moore.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org,
        keescook@...omium.org, john.johansen@...onical.com,
        penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com,
        linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
        mic@...ikod.net
Subject: Re: [PATCH v1 1/8] LSM: Identify modules by more than name

On Tue, Oct 25, 2022 at 11:45:12AM -0700, Casey Schaufler wrote:
> Create a struct lsm_id to contain identifying information
> about Linux Security Modules (LSMs). At inception this contains
> a single member, which is the name of the module. Change the
> security_add_hooks() interface to use this structure. Change
> the individual modules to maintain their own struct lsm_id and
> pass it to security_add_hooks().
> 
> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
> ---
>  include/linux/lsm_hooks.h    | 11 +++++++++--
>  security/apparmor/lsm.c      |  6 +++++-
>  security/bpf/hooks.c         | 11 ++++++++++-
>  security/commoncap.c         |  6 +++++-
>  security/landlock/cred.c     |  2 +-
>  security/landlock/fs.c       |  2 +-
>  security/landlock/ptrace.c   |  2 +-
>  security/landlock/setup.c    |  4 ++++
>  security/landlock/setup.h    |  1 +
>  security/loadpin/loadpin.c   |  7 ++++++-
>  security/lockdown/lockdown.c |  6 +++++-
>  security/safesetid/lsm.c     |  7 ++++++-
>  security/security.c          | 12 ++++++------
>  security/selinux/hooks.c     |  7 ++++++-
>  security/smack/smack_lsm.c   |  6 +++++-
>  security/tomoyo/tomoyo.c     |  7 ++++++-
>  security/yama/yama_lsm.c     |  6 +++++-
>  17 files changed, 82 insertions(+), 21 deletions(-)
> 
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 4ec80b96c22e..e383e468f742 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1602,6 +1602,13 @@ struct security_hook_heads {
>  	#undef LSM_HOOK
>  } __randomize_layout;
>  
> +/*
> + * Information that identifies a security module.
> + */
> +struct lsm_id {
> +	const char	*lsm;		/* Name of the LSM */

Based on the "unsigned vs. signed char" discussion happening on lkml
right now, this should really be "u8".

Also, can you use kerneldoc formatting so that the field name is not
after the variable, but above it in the comment, so that the kernel doc
tools will properly pick it up?

And what is going to guarantee the uniqueness of this string?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ