Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXu5jK6Y3i+zoHhF1PyehmxURTVdmEcMPio0HGu=+sTiOz8Mg@mail.gmail.com>
Date: Mon, 13 Feb 2017 06:59:04 -0800
From: Kees Cook <keescook@...omium.org>
To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc: James Morris <jmorris@...ei.org>, 
	linux-security-module <linux-security-module@...r.kernel.org>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: [RFC PATCH 1/4] security: mark LSM hooks
 as __ro_after_init

On Mon, Feb 13, 2017 at 2:33 AM, Tetsuo Handa
<penguin-kernel@...ove.sakura.ne.jp> wrote:
> James Morris wrote:
>> As the regsitration of LSMs is performed during init and then does
>> not change, we can mark all of the regsitration hooks as __ro_after_init.
>>
>> Signed-off-by: James Morris <james.l.morris@...cle.com>
>
> This patch makes LKM based LSMs (e.g. AKARI) impossible.
> I'm not happy with this patch.

LKM based LSMs don't exist yet, and when they do, we may also have the
"write rarely" infrastructure done, which LKM based LSMs can use to
update the structures.

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.