lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Aug 2020 08:00:38 +0200 From: Antony Antony <antony.antony@...unet.com> To: David Miller <davem@...emloft.net> CC: <antony.antony@...unet.com>, <steffen.klassert@...unet.com>, <netdev@...r.kernel.org>, <herbert@...dor.apana.org.au>, <smueller@...onox.de>, <antony@...nome.org> Subject: Re: [PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret On Thu, Aug 20, 2020 at 15:42:22 -0700, David Miller wrote: > From: Antony Antony <antony.antony@...unet.com> > Date: Thu, 20 Aug 2020 20:35:49 +0200 > > > Redacting secret is a FIPS 140-2 requirement. > > Why not control this via the kernel lockdown mode rather than making > an ad-hoc API for this? Let me try to use kernel lockdown mode. thanks for the idea. >From a quick googling I guess it would be part of "lockdown= confidentiality". I wonder if kernel lockdown would allow disabling just this one feature independent of other lockdowns. -antony
Powered by blists - more mailing lists