Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-07 Thread Peter Dolding
On Sat, Apr 7, 2018 at 2:31 AM, Casey Schaufler wrote:
> On 4/5/2018 9:12 PM, Peter Dolding wrote:
>> On Fri, Apr 6, 2018 at 11:31 AM, Sargun Dhillon wrote:
>>>
>>> On Thu, Apr 5, 2018 at 9:29 AM, Casey Schaufler
>>> wrote: On 4/5/2018 3:31 AM, Peter Dolding wrote:
> On Thu, Apr 5, 2018

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-06 Thread Casey Schaufler
On 4/5/2018 9:12 PM, Peter Dolding wrote:
> On Fri, Apr 6, 2018 at 11:31 AM, Sargun Dhillon wrote:
>>
>> On Thu, Apr 5, 2018 at 9:29 AM, Casey Schaufler
>> wrote:
>>> On 4/5/2018 3:31 AM, Peter Dolding wrote: On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
> On 01/04/18 08:41, S

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Peter Dolding
On Fri, Apr 6, 2018 at 11:31 AM, Sargun Dhillon wrote:
>
>
> On Thu, Apr 5, 2018 at 9:29 AM, Casey Schaufler
> wrote:
>>
>> On 4/5/2018 3:31 AM, Peter Dolding wrote:
>> > On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa
>> > wrote:
>> >> On 01/04/18 08:41, Sargun Dhillon wrote:
>> >>> The biggest sec

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Sargun Dhillon
On Thu, Apr 5, 2018 at 9:29 AM, Casey Schaufler wrote:
>
> On 4/5/2018 3:31 AM, Peter Dolding wrote:
> > On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
> >> On 01/04/18 08:41, Sargun Dhillon wrote:
> >>> The biggest security benefit of this patchset is the introduction of
> >>> read-only hook

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Casey Schaufler
On 4/5/2018 3:31 AM, Peter Dolding wrote:
> On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
>> On 01/04/18 08:41, Sargun Dhillon wrote:
>>> The biggest security benefit of this patchset is the introduction of
>>> read-only hooks, even if some security modules have mutable hooks.
>>> Currently,

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Peter Dolding
On Thu, Apr 5, 2018 at 9:34 PM, Igor Stoppa wrote:
> On 05/04/18 13:31, Peter Dolding wrote:
>> On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
>> There is a shade of grey between something being a security hazard and
>> something being a useful feature.
>
> Maybe the problem I see is only in

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Igor Stoppa
On 05/04/18 13:31, Peter Dolding wrote:
> On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
[...]
>> A) hooks that are either const or marked as RO after init
>>
>> B) hooks that are writable for a short time, long enough to load
>> additional, non built-in modules, but then get locked down
>

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Peter Dolding
On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
> On 01/04/18 08:41, Sargun Dhillon wrote:
>> The biggest security benefit of this patchset is the introduction of
>> read-only hooks, even if some security modules have mutable hooks.
>> Currently, if you have any LSMs with mutable hooks it will

Re: [PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-04-05 Thread Igor Stoppa
On 01/04/18 08:41, Sargun Dhillon wrote:
> The biggest security benefit of this patchset is the introduction of
> read-only hooks, even if some security modules have mutable hooks.
> Currently, if you have any LSMs with mutable hooks it will render all heads,
> and
> list nodes mutable. These are

[PATCH v4 0/1] Safe LSM (un)loading, and immutable hooks

2018-03-31 Thread Sargun Dhillon
The biggest security benefit of this patchset is the introduction of read-only hooks, even if some security modules have mutable hooks. Currently, if you have any LSMs with mutable hooks it will render all heads, and list nodes mutable. These are a prime place to attack, because being able to manip