Re: [TOMOYO 05/15](repost) Domain transition handler functions. | KernelTrap

Re: [TOMOYO 05/15](repost) Domain transition handler functions.

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Tetsuo Handa <penguin-kernel@...>

To: <yoshfuji@...>, <a.p.zijlstra@...>

Cc: <kaigai@...>, <jmorris@...>, <linux-kernel@...>, <linux-security-module@...>, <chrisw@...>

Subject: Re: [TOMOYO 05/15](repost) Domain transition handler functions.

Date: Wednesday, October 3, 2007 - 10:56 am

Hello.


YOSHIFUJI Hideaki wrote:
quoted text> It is not a good practice.  Please free such objects.
> BTW, how many objects do you have in the list?
It varies from 0 to some thousands,
depending on the policy supplied by the administrator and/or the policy appended by "learning mode".


Peter Zijlstra wrote:
quoted text> sounds like a might fine memory leak / dos attack.
TOMOYO Linux keeps the policy in CD-R's manner.
Thus, once an entry is written, it's pointer is valid forever.
TOMOYO Linux's simplicity (singly-linked list with no read_lock) comes from
this "keep the policy in CD-R's manner".
Yes, it is a kind of memory leak, but is controllable.

The kernel no longer requires memory after entering into "enforcing mode".
So, attackers can't do DoS attack after entering into "enforcing mode".


Regards.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO 00/15](repost) TOMOYO Linux - MAC based on process i..., Kentaro Takeda, (Tue Oct 2, 3:25 am)

[TOMOYO 03/15](repost) Memory and pathname management functi..., Kentaro Takeda, (Tue Oct 2, 3:30 am)

Re: [TOMOYO 03/15](repost) Memory and pathname management fu..., James Morris, (Wed Oct 3, 3:39 am)

Re: [TOMOYO 03/15](repost) Memory and pathname management fu..., Tetsuo Handa, (Wed Oct 3, 7:12 am)

Re: [TOMOYO 00/15](repost) TOMOYO Linux - MAC based on proce..., Kentaro Takeda, (Tue Oct 2, 3:42 am)

Re: [TOMOYO 00/15](repost) TOMOYO Linux - MAC based on proce..., James Morris, (Tue Oct 2, 6:37 am)

Re: [TOMOYO 00/15](repost) TOMOYO Linux - MAC based on proce..., Kentaro Takeda, (Tue Oct 2, 6:58 am)

[TOMOYO 15/15](repost) Kconfig and Makefile for TOMOYO Linux., Kentaro Takeda, (Tue Oct 2, 3:40 am)

[TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux., Kentaro Takeda, (Tue Oct 2, 3:39 am)

Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux., James Morris, (Tue Oct 2, 10:36 am)

Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Oct 2, 5:49 pm)

Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux., James Morris, (Tue Oct 2, 8:48 am)

Re: [TOMOYO 14/15](repost) LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Oct 2, 9:33 am)

[TOMOYO 13/15](repost) Conditional permission support., Kentaro Takeda, (Tue Oct 2, 3:39 am)

[TOMOYO 12/15](repost) LSM adapter for TOMOYO., Kentaro Takeda, (Tue Oct 2, 3:38 am)

[TOMOYO 11/15](repost) Signal transmission control functions., Kentaro Takeda, (Tue Oct 2, 3:37 am)

[TOMOYO 10/15](repost) Namespace manipulation control functi..., Kentaro Takeda, (Tue Oct 2, 3:37 am)

[TOMOYO 09/15](repost) Networking access control functions., Kentaro Takeda, (Tue Oct 2, 3:36 am)

[TOMOYO 08/15](repost) Argv[0] access control functions., Kentaro Takeda, (Tue Oct 2, 3:35 am)

[TOMOYO 07/15](repost) File access control functions., Kentaro Takeda, (Tue Oct 2, 3:34 am)

[TOMOYO 06/15](repost) Auditing interface., Kentaro Takeda, (Tue Oct 2, 3:33 am)

[TOMOYO 05/15](repost) Domain transition handler functions., Kentaro Takeda, (Tue Oct 2, 3:32 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., James Morris, (Tue Oct 2, 7:15 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Tue Oct 2, 8:44 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., James Morris, (Tue Oct 2, 9:07 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 7:24 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., YOSHIFUJI Hideaki / , (Wed Oct 3, 7:43 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., James Morris, (Wed Oct 3, 8:37 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Mon Oct 15, 8:09 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 9:04 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., KaiGai Kohei, (Wed Oct 3, 9:14 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 9:59 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Peter Zijlstra, (Wed Oct 3, 10:07 am)

Sleeping in RCU list traversal, Tetsuo Handa, (Sun Oct 7, 6:38 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 10:26 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Jiri Kosina, (Wed Oct 3, 10:37 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Peter Zijlstra, (Wed Oct 3, 10:26 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., YOSHIFUJI Hideaki / , (Wed Oct 3, 10:32 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 10:56 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Thu Oct 4, 8:57 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., James Morris, (Wed Oct 3, 10:39 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Peter Zijlstra, (Wed Oct 3, 9:24 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Wed Oct 3, 10:19 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., David P. Quigley, (Wed Oct 3, 10:35 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Peter Zijlstra, (Wed Oct 3, 10:28 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Tetsuo Handa, (Mon Oct 15, 7:46 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., YOSHIFUJI Hideaki / , (Wed Oct 3, 9:11 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., Andi Kleen, (Tue Oct 2, 10:50 am)

Re: [TOMOYO 05/15](repost) Domain transition handler functio..., YOSHIFUJI Hideaki / , (Tue Oct 2, 9:00 am)

[TOMOYO 04/15](repost) Utility functions and securityfs inte..., Kentaro Takeda, (Tue Oct 2, 3:31 am)

Re: [TOMOYO 04/15](repost) Utility functions and securityfs ..., Paul Mundt, (Tue Oct 2, 4:05 am)

Re: [TOMOYO 04/15](repost) Utility functions and securityfs ..., Greg KH, (Tue Oct 2, 10:15 am)

[TOMOYO 02/15](repost) Data structures and prototypes defini..., Kentaro Takeda, (Tue Oct 2, 3:29 am)

[TOMOYO 01/15](repost) Allow use of namespace_sem from LSM m..., Kentaro Takeda, (Tue Oct 2, 3:28 am)

Navigation

Popular discussions


linux-kernel:
Jianjun Kong	[PATCH] Standard indentation of arguments
Trond Myklebust	Re: recent nfs change causes autofs regression
Andrew Morton	2.6.23-rc8-mm2
Mark Lord	Re: Linux 2.6.24-rc7
git:

linux-netdev:
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Winkler, Tomas	RE: iwlwifi: fix build bug in "iwlwifi: fix LED stall"
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
linux-activists:
Marc Peters	v 0.11 boot disk problem
Dave `geek' Gymer	WARNING (was Re: New afio release)
David Gabrius	Re: NT vs Linux (was: Re: truth or dare)
David Fenyes	sigsetmask()? (LINUX)

Colocation donated by:

Who's online

There are currently 2 users and 715 guests online.

Online users

Syndicate