| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8c04f325-4a5b-4187-a108-791a2a2939eb@canonical.com> Date: Wed, 2 Oct 2024 19:24:28 -0700 From: John Johansen <john.johansen@...onical.com> To: Paul Moore <paul@...l-moore.com>, "Dr. Greg" <greg@...ellic.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Jonathan Corbet <corbet@....net>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, LKML <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org Subject: Re: [GIT PULL] tomoyo update for v6.12 On 10/2/24 07:35, Paul Moore wrote: > On Wed, Oct 2, 2024 at 6:38 AM Dr. Greg <greg@...ellic.com> wrote: >> On Tue, Oct 01, 2024 at 09:36:16AM -0700, Linus Torvalds wrote: >>> On Tue, 1 Oct 2024 at 07:00, Paul Moore <paul@...l-moore.com> wrote: >>>> >>>> Linus, it's unclear if you're still following this thread after the >>>> pull, but can you provide a little insight on your thoughts here? >> >>> I absolutely hate the whole "security people keep arguing", and I >>> cannot personally find it in myself to care about tomoyo. I don't >>> even know where it is used - certainly not in Fedora, which is the >>> only distro I can check quickly. >>> >>> If the consensus is that we should revert, I'll happily revert. This >>> was all inside of the tomoyo subdirectory, so I didn't see it as >>> some kind of sidestepping, and treated the pull request as a regular >>> "another odd security subsystem update". >> >> I see that Paul Moore has further responded with commentary about the >> 'LSM community' responding to this issue. I wanted, on behalf of our >> project and in support of Tetsuo's concerns, to register directly with >> you a sense of jaded skepticism about the notion of a community >> response. >> >> Fixing Tetsuo's issue, at least to the extent it can be fixed, >> requires technical improvements in the Linux security architecture. >> Currently, potential technical improvements in this venue are >> struggling to receive any kind of acknowledgement or review, to the >> ultimate detriment of enhancements that Linux should be bringing >> forward to address, not only this issue, but the security industry >> writ-large. > > I've believe the LSM developer community is interesting in that it is > much smaller than many other kernel subsystems, despite the > substantial technical scope when one considers the LSM's reach within > the kernel. This brings about a number of challenges, the largest > being that reviewing ideas, documents, and code changes takes time. > Everyone always wants their personal patchset to land "right now!", > but it's important that the changes are given the proper review and > testing. You don't have to look any further than the recent static > call changes to see a perfect example of how overly aggressive > attitudes toward merging would have resulted in a number of real world > failures. I agree that a quicker pace would be nice, but I'm not > willing to trade off reliability or correctness so people's favorite > feature can land in Linus' tree a bit quicker. > > Independent of everything above, it is important to note that the pace > of changes in the LSM framework over the past two years has increased > significantly. Even ignoring some of the administrative improvements, > e.g. process documentation, since 2022 the LSM community has been > merging code at a pace much higher than we've seen during the entirety > of the "git age": > > [NOTE: using 'security/security.c' to be representative of LSM > framework specific changes seems reasonable for a quick metric] > > # previous two years (reference) > % git log --after="2022" --before="2024" \ > --oneline security/security.c | wc -l > 141 > > % git log --after="2020" --before="2022" ... > 50 > % git log --after="2018" --before="2020" ... > 82 > % git log --after="2016" --before="2018" ... > 43 > % git log --after="2014" --before="2016" ... > 47 > % git log --after="2012" --before="2014" ... > 25 > % git log --after="2010" --before="2012" ... > 62 > % git log --after="2008" --before="2010" ... > 56 > % git log --after="2006" --before="2008" ... > 36 > % git log --after="2004" --before="2006" ... > 4 > % git log --after="2002" --before="2004" ... > 0 > >> We have made multiple submissions of technology, that can at least >> positively impact Tetsuo's concerns, and in the process perhaps >> improve the opportunity for security innovation in Linux. After 20 >> months of doing so we have yet to receive anything that would resemble >> substantive technical review [1]. > > I disagree. I've personally reviewed two of your LSM revisions, > providing feedback on both. Unfortunately both times I've not made it > past the documentation as there have been rather significant issues > which I didn't believe were properly addressed from one revision to > the next. From what I've seen on the mailing list, others have > identified similarly serious concerns which in my opinion have not > received adequate responses. > > The TSEM LSM is still queued for review, but based on prior reviews it > currently sits at a lower priority. I realize this is frustrating, > but I have to prioritize work based on impact and perceived quality. > Bandwidth is a very real issue. TSEM is also on my to review list, but finding making the time to make it through the full set has so far been impossible. Heck I am weeks behind on the apparmor list, and I have apparmor patches to send that I haven't been able to get time to do.
Powered by blists - more mailing lists