Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201702142150.BEF81226.tOOFQVFJOHFMSL@I-love.SAKURA.ne.jp>
Date: Tue, 14 Feb 2017 21:50:36 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: jmorris@...ei.org
Cc: keescook@...omium.org, linux-security-module@...r.kernel.org,
        kernel-hardening@...ts.openwall.com
Subject: Re: Re: [RFC PATCH 1/4] security: mark LSM hooks as __ro_after_init

James Morris wrote:
> > Disallowing dynamically loadable security modules is as silly idea as
> > getting rid of LSM framework ( https://lwn.net/Articles/138042/ 
> > http://lkml.kernel.org/r/alpine.LFD.0.999.0710010854120.3579@woody.linux-foundation.org )
> > unless we accept whatever out-of-tree LSM modules and maintain them as in-tree
> > modules and enable them in distributor's kernels. But such things won't happen.
> > If we legally allow LKM based LSMs, we don't need to make security/ directory
> > look like /dev/random .
> 
> Dynamically loadable LSMs are legally allowed, we just don't cater to them 
> in mainline.
> 
I'm saying that this patch will make dynamically loadable LSMs illegal, for
not allowing updating struct list_head prevents dynamically loadable LSMs from
registering.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.