Message-ID: <f930e51e-3eb9-4146-a68c-1f226304cc86@canonical.com>
Date: Wed, 2 Oct 2024 19:33:40 -0700
From: John Johansen <john.johansen@...onical.com>
To: Paul Moore <paul@...l-moore.com>,
 Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Jonathan Corbet <corbet@....net>,
 Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
 LKML <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org
Subject: Re: [GIT PULL] tomoyo update for v6.12

On 10/1/24 11:22, Paul Moore wrote:
> On Tue, Oct 1, 2024 at 12:36 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
>> On Tue, 1 Oct 2024 at 07:00, Paul Moore <paul@...l-moore.com> wrote:
>>>
>>> Linus, it's unclear if you're still following this thread after the
>>> pull, but can you provide a little insight on your thoughts here?
> 
> ...
> 
>> If the consensus is that we should revert, I'll happily revert.
> 
> Starting tomorrow when I'm reliably back in front of computer I'll
> sort this out with the rest of the LSM folks.  Unless something
> unexpected comes up in the discussion I'll send you a revert later
> this week.
> 
I agree that this is the wrong approach and will add that it is
egregious enough that Ubuntu is going to have to disable Tomoyo as
it effectively allows by-passing signed module loads.

You can add my
Acked-by: John Johansen <john.johansen@...onical.com>

>> This
>> was all inside of the tomoyo subdirectory, so I didn't see it as some
>> kind of sidestepping, and treated the pull request as a regular
>> "another odd security subsystem update".
> 
> Yes, that's fair, I think you would need a deeper understanding of the
> LSM framework as well as an understanding of recent discussions on the
> list to appreciate all of the details.
> 

