lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Mar 2024 15:12:56 -0400
From: Paul Moore <paul@...l-moore.com>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@...weicloud.com>, dmitry.kasatkin@...il.com, 
	eric.snowberg@...cle.com, jmorris@...ei.org, serge@...lyn.com, 
	linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
	linux-cifs@...r.kernel.org, viro@...iv.linux.org.uk, pc@...guebit.com, 
	christian@...uner.io, Roberto Sassu <roberto.sassu@...wei.com>, stable@...r.kernel.org
Subject: Re: [PATCH 2/2] ima: evm: Rename *_post_path_mknod() to *_path_post_mknod()

On Fri, Mar 29, 2024 at 11:17 AM Mimi Zohar <zohar@...ux.ibm.com> wrote:
> On Fri, 2024-03-29 at 11:56 +0100, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu@...wei.com>
> >
> > Rename ima_post_path_mknod() and evm_post_path_mknod() respectively to
> > ima_path_post_mknod() and evm_path_post_mknod(), to facilitate finding
> > users of the path_post_mknod LSM hook.
> >
> > Cc: stable@...r.kernel.org # 6.8.x
>
> Since commit cd3cec0a02c7 ("ima: Move to LSM infrastructure") was upstreamed in
> this open window.  This change does not need to be packported and should be
> limited to IMA and EVM full fledge LSMs.
>
> > Reported-by: Christian Brauner <christian@...uner.io>
> > Closes:
> > https://lore.kernel.org/linux-kernel/20240328-raushalten-krass-cb040068bde9@brauner/
> > Fixes: 05d1a717ec04 ("ima: add support for creating files using the mknodat
> > syscall")
>
> "Fixes: 05d1a717ec04" should be removed.

I'd take it one step further and remove both 'Fixes' tags.  A 'Fixes'
tag implies a flaw in the functionality of the code, this is just a
function rename.

Another important thing to keep in mind about 'Fixes' tags, unless
you've told the stable kernel folks to only take patches that you've
explicitly marked for stable, they are likely going to attempt to
backport anything with a 'Fixes' tag.

Regardless, since I was looking at 1/2 I took a quick look at this
patch and it looks fine to me once the comments have been
incorporated.

Reviewed-by: Paul Moore <paul@...l-moore.com>

> > Fixes: cd3cec0a02c7 ("ima: Move to LSM infrastructure")
> > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
>
> Acked-by: Mimi Zohar <zohar@...ux.ibm.com>

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ