| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Mar 2014 13:20:09 +0100 From: Steffen Klassert <steffen.klassert@...unet.com> To: Paul Moore <paul@...l-moore.com> CC: Nikolay Aleksandrov <nikolay@...hat.com>, <netdev@...r.kernel.org>, Dave Jones <davej@...hat.com>, Fan Du <fan.du@...driver.com>, "David S. Miller" <davem@...emloft.net>, <linux-security-module@...r.kernel.org> Subject: Re: Possible fix On Fri, Feb 28, 2014 at 05:10:47PM -0500, Paul Moore wrote: > On Friday, February 28, 2014 11:10:07 AM Nikolay Aleksandrov wrote: > > On 02/28/2014 08:23 AM, Steffen Klassert wrote: > > > > > > Looking at the git history, it seems that this bug is about nine > > > years old. I guess noone is actually using this. > > Most (all?) of the labeled IPsec users use the netlink interface and not pfkey > so it isn't surprising that this has gone unnoticed for some time. Right, that's not really surprising. But it is a bit surprising that we care for the security context only if we add a socket policy via the pfkey key manager. The security context is not handled if we do that with the netlink key manager, see xfrm_compile_policy(). I'm not that familiar with selinux and labeled IPsec, but maybe this needs to be implemented in xfrm_compile_policy() too. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists