lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ikua4kyx.fsf@trenco.lwn.net>
Date: Wed, 02 Oct 2024 08:51:02 -0600
From: Jonathan Corbet <corbet@....net>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, Linus Torvalds
 <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Paul Moore <paul@...l-moore.com>
Subject: Re: [GIT PULL] tomoyo update for v6.12

Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:

>> Even stranger, to me at least, is the backdoor symbol-export mechanism.
>> That seems like ... not the way we do things.  Was the need for this so
>> urgent that you couldn't try to get those symbols exported properly?
>
> Yes. This is a chicken-and-egg problem. Symbols not used by in-tree kernel
> code cannot be justified for export, but I can't prove that loadable LSM
> can work unless I export symbols.

Honestly, this is the part that concerns me the most.  The normal way to
deal with this is to create a series with both the exports and the users
so that they can be evaluated together.  Instead you seem to have
created just the sort of shim layer that we have not allowed in other
settings, then pushed it upstream without review.

What will you do if, for any reason, one or more of those symbols cannot
be exported?  Either you will circumvent that decision indefinitely with
your "temporary hack", or you will remove the hack, regressing things
for your users.  Neither seems like a good outcome; that is why we
normally want to actually review things like symbol exports before
pushing them into the mainline.

jon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ