lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 16 Jul 2023 19:36:54 -0500
From:   "Dr. Greg" <greg@...ellic.com>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 02/13] Add TSEM specific documentation.

On Mon, Jul 10, 2023 at 09:37:10PM -0700, Randy Dunlap wrote:

> Hi--

Good morning, I hope the week is starting well for everyone.

> On 7/10/23 03:23, Dr. Greg wrote:
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 9e5bab29685f..0e6640a78936 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -6468,6 +6468,24 @@
> >  			with CPUID.16h support and partial CPUID.15h support.
> >  			Format: <unsigned int>
> >  

> These 3 entries should be in alphabetical order: tsem_cache,
> tsem_digest, tsem_mode.

Now alphabetized.

> > +	tsem_mode=	[TSEM] Set the mode that the Trusted Security Event
> > +			Modeling LSM is to run in.
> > +			Format: 1
> > +			1 -- Disable root domain modeling.
> > +
> > +	tsem_cache=	[TSEM] Define the size of the caches used to hold
> > +			pointers to structures that will be used to model
> > +			security events occurring in the root modeling
> > +			namespace that are called in atomic context.
> > +			Format: <integer>
> > +			Default: 96

> What unit?  KB, MB, bytes, pages?

Our apologies, we obviously erred in the notion that referring to the
size of a cache of pointers would be understood to mean the number of
pointers.

We updated the documentation as follows:

tsem_cache=	[TSEM] Define the size of the caches used to hold
		pointers to structures that will be used to model
		security events occurring in the root modeling
		namespace that are called in atomic context.  The
		value is the size of the arrays of pointers to the
		pre-allocated structures that will be maintained.
		For example, a value of 16 means each array would
		have 16 entries in it.
		Format: <integer>
		Default: 96

> > +
> > +	tsem_digest=	[TSEM] Define the cryptographic hash function that
> > +			will be used to create security event coefficients
> > +			for in the root modeling namespace.

> 			for in
> ?

That must have been an untoward effect of the single-malt.

The documentation has been updated to read as follows:

tsem_digest=	[TSEM] Define the cryptographic hash function that
		will be used to generate the security event
		coefficients in the root modeling namespace.
		Format: {name of the cryptographic hash function}
		Default: sha256

> > +			Format: {name of the cryptographic hash function}
> > +			Default: sha256
> 
> -- 
> ~Randy

Thank you for the review comments.

Have a good week.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ