On Wed, Mar 7, 2018 at 12:23 PM, Casey Schaufler <ca...@schaufler-ca.com> wrote: > On 3/7/2018 11:18 AM, Sargun Dhillon wrote: >> On Wed, Mar 7, 2018 at 9:45 AM, Casey Schaufler <ca...@schaufler-ca.com> >> wrote: >>> On 3/6/2018 11:23 PM, Sargun Dhillon wrote: >>>> This commit should have no functional change. It changes the security hook >>>> list heads struct into an array. Additionally, it exposes all of the hooks >>>> via an enum. This loses memory layout randomization as the enum is not >>>> randomized. >>> Please explain why you want to do this. I still dislike it. >>> >> Do you dislike it because of the loss of randomization, or some other reason? > > I dislike a huge array of untyped function pointers. > I dislike the loss of type checking in security.c > Ok, I can go back to that. My previous approach was using two list_heads, but people suggested otherwise. Would you be okay with the
>> The reason for not just having a second list_heads is that it's >> somewhat ugly having to replicate that structure twice -- once for >> dynamic hooks, and once for 'static' hooks. > > There was discussion about this some time ago. In the case > where you don't allow dynamic hooks, you mark the lists ro_after_init > whereas in the case with them you don't, but use the locking. > > Why expose the compiled-in hooks to being RW? To me, having two list_heads seems better, because you have the built-in ones be read only, and the ones at load time be read/write. In fact, we could protect the r/w with pmalloc? >> Instead, we have one enum that LSMs can use and two arrays of heads >> rather than an entire unrolled set of list_heads. > > But how is this better? What is the advantage? > >> >> If we had a way to randomize this, would it make you comfortable? >> >
