lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <877cavdgsu.fsf@trenco.lwn.net>
Date: Sat, 28 Sep 2024 07:54:57 -0600
From: Jonathan Corbet <corbet@....net>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, Linus Torvalds
 <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Paul Moore <paul@...l-moore.com>
Subject: Re: [GIT PULL] tomoyo update for v6.12

Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:

> The following changes since commit ada1986d07976d60bed5017aa38b7f7cf27883f7:
>
>   tomoyo: fallback to realpath if symlink's pathname does not exist (2024-09-25 22:30:59 +0900)
>
> are available in the Git repository at:
>
>   git://git.code.sf.net/p/tomoyo/tomoyo.git tags/tomoyo-pr-20240927
>
> for you to fetch changes up to ada1986d07976d60bed5017aa38b7f7cf27883f7:
>
>   tomoyo: fallback to realpath if symlink's pathname does not exist (2024-09-25 22:30:59 +0900)
> ----------------------------------------------------------------
> One bugfix patch, one preparation patch, and one conversion patch.

[...]

> I was delivering pure LKM version of TOMOYO (named AKARI) to users who
> cannot afford rebuilding their distro kernels with TOMOYO enabled. But
> since the LSM framework was converted to static calls, it became more
> difficult to deliver AKARI to such users. Therefore, I decided to update
> TOMOYO so that people can use mostly LKM version of TOMOYO with minimal
> burden for both distributors and users.

I must confess that this change confuses me a bit.  Loadable LSM modules
have been out of the picture for a long time, has that changed now?

Even stranger, to me at least, is the backdoor symbol-export mechanism.
That seems like ... not the way we do things.  Was the need for this so
urgent that you couldn't try to get those symbols exported properly?

Thanks,

jon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ