lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4586C0C5.4010502@hp.com>
Date:	Mon, 18 Dec 2006 11:24:37 -0500
From:	Paul Moore <paul.moore@...com>
To:	James Morris <jmorris@...ei.org>
Cc:	netdev@...r.kernel.org, selinux@...ho.nsa.gov
Subject: Re: [PATCH 0/2] A bugfix patchset for NetLabel

James Morris wrote:
> On Fri, 15 Dec 2006, paul.moore@...com wrote:
>  
>>This patch set fixes two bugs that were found recently when adding new CIPSOv4
>>DOI definitions.  These patches are pretty small and have been tested by a few
>>different people on several different platforms.
> 
> Applied to git://git.infradead.org/~jmorris/selinux-2.6#fixes

Thanks.

>>Please apply these for 2.6.20 and they should probably be pushed to the 2.6.19
>>stable tree as well; is there anything special I need to do for that?
> 
> I'm not sure that they qualify.
> 
> The first is a privileged operation, right?

Yes it is, you need CAP_NET_ADMIN.  I guess this probably isn't that important
for 2.6.19 then ...

> For the second, what are the implications of mapping to zero?
> 
> Also review Documentation/stable_kernel_rules.txt.

[Thanks for the pointer, didn't know that file was there]

... however, I still think this might qualify for the 2.6.19 stable kernel.
When a MLS sensitivity level or category maps to zero then whenever the NetLabel
subsystem is called to resolve the security attributes of a packet it will, in
certain configurations, return security attributes/contexts which are incorrect.

Please let me know if you think that has merit for the stable tree and I'll send
the patch to the stable mailing list.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ