Message-ID: <407A11DD-932D-441E-B4EC-673F4423CEDD@kernel.org>
Date:   Sun, 24 Sep 2023 12:48:15 -0700
From:   Kees Cook <kees@...nel.org>
To:     Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
        Kees Cook <keescook@...omium.org>
CC:     Casey Schaufler <casey@...aufler-ca.com>, paul@...l-moore.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org,
        serge@...lyn.com, john.johansen@...onical.com,
        stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org,
        linux-api@...r.kernel.org, mic@...ikod.net,
        Dave Chinner <david@...morbit.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jonathan Corbet <corbet@....net>
Subject: Re: [PATCH v15 01/11] LSM: Identify modules by more than name

On September 24, 2023 4:06:07 AM PDT, Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> wrote:
>Patch description says
>
>  The LSM ID values are sequential, with the oldest module
>  LSM_ID_CAPABILITY being the lowest value and the existing modules
>  numbered in the order they were included in the main line kernel.
>  This is an arbitrary convention for assigning the values, but
>  none better presents itself. The value 0 is defined as being invalid.

"in the order they were included in the main line kernel": out-of-trees aren't in main line.

And "This is an arbitrary convention" specifically says it's arbitrary.

There is literally nothing here stopping out of tree modules. I have proven this, and so have you with these quotes. What is left to object to?

>You withdraw your "Reviewed-by" response unless "The LSM ID values are sequential"
>and "must be approved by the LSM maintainers" are removed and "the LSM maintainers/community
>shall never complain about what names and/or values are assigned" is added, don't you?

*For main line kernels*

Please, understand both the *intent* and *reality*: this does not block out of tree LSMs, full stop.

>Keeping how the HUGE space is used under control of the LSM community will be
>better for both in-tree and out-of-tree LSM modules. I really can't understand
>why you don't want to utilize this opportunity.

I cannot understand what else you need to hear.

-Kees


-- 
Kees Cook
