Date: Thu, 30 Nov 2017 09:16:36 -0500 From: Theodore Ts'o <tytso@....edu> To: Djalal Harouni <tixxdz@...il.com> Cc: Daniel Micay <danielmicay@...il.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Kees Cook <keescook@...omium.org>, Jessica Yu <jeyu@...nel.org>, LSM List <linux-security-module@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules On Thu, Nov 30, 2017 at 09:50:27AM +0100, Djalal Harouni wrote: > In embedded systems we can't maintain a SELinux policy, distro man > power hardly manage. We have abstracted seccomp etc, but the kernel > inherited the difficult multiplex things, plus all other paths that > trigger this..... > Yes, but it is hard to maintain a whitelist policy, the code is hardly > maintained... So this is the part that scares me to death about IOT, and why I tell everyone to ***never*** trust an IOT device on their home network, and ***never*** trust it with anything you don't mind splattered all over the front page of NY Times and RT / Sputnick news. You're saying that you want to use modules (as opposed to compile everything tightly down to just what you need for the embedded system); that the code is "hardly maintained". And yet we're supposed to consider it trustworthy? If that's the case, turning off implicit module loading sounds and thinking that this will somehow be a magic wand sounds.... crazy. - Ted
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.