Message-ID: <CAHC9VhQE6xXQ1E1hmWzbrPNyVh_gKsp8U_GnPYr=0gS_RMATWQ@mail.gmail.com>
Date: Mon, 21 Apr 2025 22:38:09 -0400
From: Paul Moore <paul@...l-moore.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Blaise Boscaccy <bboscaccy@...ux.microsoft.com>, Jonathan Corbet <corbet@....net>, 
	David Howells <dhowells@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, 
	"David S. Miller" <davem@...emloft.net>, James Morris <jmorris@...ei.org>, 
	"Serge E. Hallyn" <serge@...lyn.com>, Masahiro Yamada <masahiroy@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Shuah Khan <shuah@...nel.org>, 
	Mickaël Salaün <mic@...ikod.net>, 
	Günther Noack <gnoack@...gle.com>, 
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>, 
	Justin Stitt <justinstitt@...gle.com>, Jarkko Sakkinen <jarkko@...nel.org>, 
	Jan Stancek <jstancek@...hat.com>, Neal Gompa <neal@...pa.dev>, 
	"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, 
	keyrings@...r.kernel.org, 
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, 
	LSM List <linux-security-module@...r.kernel.org>, 
	Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, 
	"open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, bpf <bpf@...r.kernel.org>, 
	clang-built-linux <llvm@...ts.linux.dev>, nkapron@...gle.com, 
	Matteo Croce <teknoraver@...a.com>, Roberto Sassu <roberto.sassu@...wei.com>, 
	Cong Wang <xiyou.wangcong@...il.com>
Subject: Re: [PATCH v2 security-next 1/4] security: Hornet LSM

On Mon, Apr 21, 2025 at 7:48 PM Alexei Starovoitov
<alexei.starovoitov@...il.com> wrote:
> On Mon, Apr 21, 2025 at 3:04 PM Paul Moore <paul@...l-moore.com> wrote:
> > On Mon, Apr 21, 2025 at 4:13 PM Alexei Starovoitov
> > <alexei.starovoitov@...il.com> wrote:
> > > On Wed, Apr 16, 2025 at 10:31 AM Blaise Boscaccy
> > > <bboscaccy@...ux.microsoft.com> wrote:
> > > >
> > > > > Hacking into bpf internal objects like maps is not acceptable.
> > > >
> > > > We've heard your concerns about kern_sys_bpf and we agree that the LSM
> > > > should not be calling it. The proposal in this email should meet both of
> > > > our needs
> > > > https://lore.kernel.org/bpf/874iypjl8t.fsf@microsoft.com/
> >
> > ...
> >
> > > Calling bpf_map_get() and
> > > map->ops->map_lookup_elem() from a module is not ok either.
> >
> > A quick look uncovers code living under net/ which calls into these APIs.
>
> and your point is ?

Simply the observation that the APIs you've mentioned are currently
being used by code living under net/; you're free to take from that
whatever you will.

> Again, Nack to hacking into bpf internals from LSM,
> module or kernel subsystem.

I heard you the first time and rest assured I've noted your general
objection regarding use of the BPF API.  I'm personally still
interested in seeing a v3 before deciding on next steps as there were
a number of other issues mentioned during the v2 review that need
attention.  I would encourage you to continue to participate in future
reviews of Hornet, but of course that is entirely up to you.  In the
absence of any additional review feedback, I'll preserve your NACK if
we ever get to a point that your comments are worth mentioning.

--
paul-moore.com
