Re: Linux Security *Module* Framework (Was: LSM conversion to static interface) | KernelTrap

Re: Linux Security Module Framework (Was: LSM conversion to static interface)

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Kyle Moffett <mrmacman_g4@...>

To: Serge E. Hallyn <serue@...>

Cc: David P. Quigley <dpquigl@...>, Jan Engelhardt <jengelh@...>, Simon Arlott <simon@...>, Adrian Bunk <bunk@...>, Chris Wright <chrisw@...>, <linux-kernel@...>, <linux-security-module@...>, Linus Torvalds <torvalds@...>, Andreas Gruenbacher <agruen@...>, Thomas Fricaccia <thomas_fricacci@...>, Jeremy Fitzhardinge <jeremy@...>, James Morris <jmorris@...>, Crispin Cowan <crispin@...>, Giacomo Catenazzi <cate@...>, Alan Cox <alan@...>

Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

Date: Wednesday, October 24, 2007 - 11:50 pm

On Oct 24, 2007, at 17:37:04, Serge E. Hallyn wrote:
quoted text> The scariest thing to consider is programs which don't  
> appropriately handle failure.  So I don't know, maybe the system  
> runs a remote logger to which the multiadm policy gives some extra  
> privs, but now the portac module prevents it from sending its  
> data.  And maybe, since the authors never saw this failure as  
> possible, the program happens to dump sensitive data in a public  
> readable place.  I *could* be more vague but it'd be tough :)  But  
> you get the idea.

Well, there *was* that problem with sendmail where it did not  
properly check the result of setuid() and just assumed it had  
succeeded.  So instead of running as "smtpd" it was running as  
"root".   Not a happy memory.

Cheers,
Kyle Moffett

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 10:18 pm)

Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 9:12 pm)

Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 4:26 pm)

Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 5:07 pm)

Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 4:40 pm)

Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 7:05 am)

Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 6:57 pm)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:13 am)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:09 am)

Re: LSM conversion to static interface [revert patch], James Morris, (Tue Oct 23, 12:56 am)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:57 am)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 1:16 am)

Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 8:31 pm)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Wed Oct 24, 1:06 am)

Linux Security *Module* Framework (Was: LSM conversion to st..., Simon Arlott, (Wed Oct 24, 7:50 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tetsuo Handa, (Sat Oct 27, 10:08 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Mon Nov 5, 2:42 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 8:55 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Wed Oct 24, 2:11 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 6:31 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tilman Schmidt, (Thu Oct 25, 7:09 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Thu Oct 25, 10:56 pm)

Out-of-tree modules [was: Linux Security *Module* Framework], Jan Engelhardt, (Mon Oct 29, 7:51 pm)

Re: Out-of-tree modules [was: Linux Security *Module* Framew..., Lee Revell, (Mon Oct 29, 8:46 pm)

Re: Out-of-tree modules [was: Linux Security *Module* Framew..., Jan Engelhardt, (Mon Oct 29, 9:19 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tilman Schmidt, (Fri Oct 26, 5:46 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Fri Oct 26, 7:26 pm)

eradicating out of tree modules (was: : Linux Security *Modu..., Tilman Schmidt, (Sat Oct 27, 10:47 am)

Re: eradicating out of tree modules (was: : Linux Security *..., Adrian Bunk, (Sat Oct 27, 8:55 pm)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 2:51 pm)

Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 3:25 pm)

Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 8:29 pm)

Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 9:11 am)

Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 11:30 am)

Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 9:19 am)

Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 5:25 am)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 8:01 am)

Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 10:37 am)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 12:55 pm)

Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 10:59 am)

Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 1:31 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Fri Oct 26, 11:58 am)

eradicating out of tree modules (was: Linux Security *Module..., Tilman Schmidt, (Sat Oct 27, 10:07 am)

Re: eradicating out of tree modules (was: Linux Security *Mo..., Adrian Bunk, (Sat Oct 27, 9:21 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Fri Oct 26, 12:32 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Fri Oct 26, 3:09 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Fri Oct 26, 11:54 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Thu Oct 25, 7:44 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 6:58 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Chris Wright, (Wed Oct 24, 8:23 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 9:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:23 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 4:40 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Tue Oct 30, 5:21 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Tue Oct 30, 4:50 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 5:27 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Pavel Machek, (Sat Oct 27, 2:22 pm)

Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 3:42 pm)

Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 4:46 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Wed Oct 24, 8:35 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Thu Oct 25, 5:19 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Thu Oct 25, 12:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Tue Oct 30, 5:41 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Thu Oct 25, 1:10 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Wed Oct 24, 9:41 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Sun Oct 28, 6:08 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Mon Oct 29, 1:12 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Sun Oct 28, 7:55 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Sun Oct 28, 6:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Mon Nov 26, 4:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Thu Oct 25, 2:17 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Pavel Machek, (Sat Oct 27, 2:29 pm)

RE: Linux Security *Module* Framework (Was: LSM conversion t..., Hua Zhong, (Sun Oct 28, 3:05 pm)

RE: Linux Security *Module* Framework (Was: LSM conversion t..., Hua Zhong, (Sun Oct 28, 2:48 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Thu Oct 25, 6:21 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Thu Oct 25, 11:45 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Fri Oct 26, 1:44 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Wed Oct 24, 10:11 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Wed Oct 24, 9:26 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 7:32 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Linus Torvalds, (Wed Oct 24, 7:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Chris Wright, (Wed Oct 24, 8:41 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:37 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Wed Oct 24, 10:19 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 9:03 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 2:51 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Wed Oct 24, 4:18 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 4:46 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 5:29 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Wed Oct 24, 2:59 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 3:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 5:02 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Thu Oct 25, 7:38 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 5:58 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 6:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 5:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Serge E. Hallyn, (Wed Oct 24, 5:37 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Kyle Moffett, (Wed Oct 24, 11:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Wed Oct 24, 9:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 5:51 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 6:02 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 7:13 pm)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 8:32 pm)

Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:10 am)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:13 am)

Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:14 am)

Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 6:59 pm)

Re: LSM conversion to static interface, Giacomo Catenazzi, (Tue Oct 23, 1:44 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 4:55 am)

Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:20 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 11:28 am)

Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:34 am)

Re: LSM conversion to static interface, , (Thu Oct 25, 6:23 am)

Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 5:14 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:18 am)

Navigation

Popular discussions


linux-kernel:
Jeff Garzik	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Christoph Hellwig	Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scan...
Heiko Carstens	Re: -mm merge plans for 2.6.23 -- sys_fallocate
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Arjan van de Ven	Re: [GIT]: Networking
Jens Axboe	Re: [BUG] New Kernel Bugs
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
netbsd-tech-kern:
Emmanuel Dreyfus	fixing send(2) semantics (kern/29750)
Christos Zoulas	Re: Melting down your network [Subject changed]
Juan RP	Changing the I/O scheduler on-the-fly
Emmanuel Dreyfus	Re: fixing send(2) semantics (kern/29750)

Colocation donated by:

Who's online

There are currently 8 users and 988 guests online.

Online users

Syndicate