Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9a8a38e0-d502-d6fc-5ea6-77f45539eba6@redhat.com>
Date: Mon, 13 Feb 2017 08:26:56 -0800
From: Laura Abbott <labbott@...hat.com>
To: Kees Cook <keescook@...omium.org>,
 Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc: James Morris <jmorris@...ei.org>,
 linux-security-module <linux-security-module@...r.kernel.org>,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: [RFC PATCH 1/4] security: mark LSM hooks
 as __ro_after_init

On 02/13/2017 06:59 AM, Kees Cook wrote:
> On Mon, Feb 13, 2017 at 2:33 AM, Tetsuo Handa
> <penguin-kernel@...ove.sakura.ne.jp> wrote:
>> James Morris wrote:
>>> As the regsitration of LSMs is performed during init and then does
>>> not change, we can mark all of the regsitration hooks as __ro_after_init.
>>>
>>> Signed-off-by: James Morris <james.l.morris@...cle.com>
>>
>> This patch makes LKM based LSMs (e.g. AKARI) impossible.
>> I'm not happy with this patch.
> 
> LKM based LSMs don't exist yet, and when they do, we may also have the
> "write rarely" infrastructure done, which LKM based LSMs can use to
> update the structures.
> 
> -Kees
> 

Is someone actually working on the write rarely patches? If a version
has been sent out, I don't recall seeing it.

Thanks,
Laura

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.