Date: Sun, 10 Jun 2018 09:40:53 +0200 From: Salvatore Mesoraca <s.mesoraca16@...il.com> To: Steve Kemp <steve.backup.kemp@...il.com> Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>, LSM List <linux-security-module@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem 2018-06-04 18:57 GMT+02:00 Steve Kemp <steve.backup.kemp@...il.com>: >> A configurable LSM is probably the right way to do this. > > I wonder how many out of tree LSM there are? Looking at the mainline > kernel the only "small" LSM bundled is YAMA, and it seems that most of > the patches proposing new ones eventually die out. > > I appreciate that there are probably a lot of "toy" or "local" modules > out there for specific fields, companies, or products, but it does > seem odd that there are so few discussed publicly. > > (The last two I remember were S.A.R.A and something relating to > xattr-attributes being used to whitelist execution.) FWIW S.A.R.A. is not dead . Unfortunately it needs infrastructure managed security blobs, so I didn't tried to get it upstream, yet. Of course, I can't give you any guarantees about when or if it will be upstreamed, but it's definitely still alive.  https://github.com/smeso/sara/releases/latest
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.