Date: Sat, 31 Oct 2020 11:49:11 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Antony Antony <antony.antony@...unet.com>
CC: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, <netdev@...r.kernel.org>, <linux-security-module@...r.kernel.org>, "Antony Antony" <antony@...nome.org>, Stephan Mueller <smueller@...onox.de>
Subject: Re: [PATCH] xfrm: redact SA secret with lockdown confidentiality

On Fri, Oct 16, 2020 at 03:36:12PM +0200, Antony Antony wrote:
> redact XFRM SA secret in the netlink response to xfrm_get_sa()
> or dumpall sa.
> Enable this at build time and set kernel lockdown to confidentiality.

Wouldn't it be better to enable it at boot or runtime?
This defaults to 'No' at build time, so distributions will not
compile it in. That means that no one who uses a kernel that comes
with a Linux distribution can use that.