Open Source and information security mailing list archives
 
Message-ID: <CAHC9VhQmV7=+eP0Rh6f+grz6=wigoHKuX5zZuMYVazsV8HVaVw@mail.gmail.com>
Date:   Thu, 20 Apr 2023 19:53:00 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] LSM patches for v6.4

Hi Linus,

Due to some personal logistics challenges over the next few days I'm
sending the LSM pull request for Linux v6.4 a bit early.  Here is a
quick summary of the changes:

* Move the LSM hook comment blocks into security/security.c
For many years the LSM hook comment blocks were located in a very odd
place, include/linux/lsm_hooks.h, where they lived on their own,
disconnected from both the function prototypes and definitions.  In
keeping with current kernel conventions, this PR moves all of these
comment blocks to the top of the function definitions, transforming
them into the kdoc format in the process.  This should make it much
easier to maintain these comments, which are the main source of LSM
hook documentation.  For the most part the comment contents were left
as-is, although some glaring errors were corrected.  Expect additional
edits in the future as we slowly update and correct the comment
blocks.  This is the bulk of the PR's diffstat.

* Introduce LSM_ORDER_LAST
Similar to how LSM_ORDER_FIRST is used to specify LSMs which should be
ordered before "normal" LSMs, the LSM_ORDER_LAST is used to specify
LSMs which should be ordered after "normal" LSMs.  This is one of the
prerequisites for transitioning IMA/EVM to a proper LSM.

* Remove the security_old_inode_init_security() hook
The security_old_inode_init_security() LSM hook only allows for a
single xattr which is problematic both for LSM stacking and the
IMA/EVM-as-a-LSM effort.  This PR finishes the conversion over to the
security_inode_init_security() hook and removes the single-xattr LSM
hook.

* Fix a reiserfs problem with security xattrs
During the security_old_inode_init_security() removal work it became
clear that reiserfs wasn't handling security xattrs properly so we
fixed it.

Please merge, thanks.

--
paul-moore.com
