Re: Out of tree module using LSM

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Christoph Hellwig <hch@...>

Cc: Casey Schaufler <casey@...>, Tvrtko A. Ursulin <tvrtko.ursulin@...>, <linux-kernel@...>

Subject: Re: Out of tree module using LSM

Date: Wednesday, November 28, 2007 - 2:15 pm

On Wed, 28 Nov 2007 16:46:13 GMT, Christoph Hellwig said:
quoted text> On Wed, Nov 28, 2007 at 08:38:43AM -0800, Casey Schaufler wrote:
> > Would you like to expound on that, or do you feel your claws
> > are sharp enough already?
> 
> Just take a look at code.

Just to clarify - you're OK with the *concept* (a security model that determines
whether you can do an I/O based on the content), it's just their code that's
ugly?

(Note that the concept has interesting implications in the other direction as
well - rather than stopping you from reading a file that has malware, you could
in theory write an anti-export package that would let you write onto external
memory or outbound e-mail, but prevent the write if it was corporate-sensitive
data, or whatever.  Yes, I *know* a smart attacker can bypass it by simply
crypting/compressing it first - but the vast majority of attackers aren't
smart, and will just use 'cp' or the GUI equivalent to move the secret design
documents onto the USB key... )

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Out of tree module using LSM, Tvrtko A. Ursulin, (Wed Nov 28, 8:42 am)

Re: Out of tree module using LSM, Andi Kleen, (Wed Nov 28, 3:20 pm)

Re: Out of tree module using LSM, , (Thu Nov 29, 12:39 pm)

Re: Out of tree module using LSM, Pavel Machek, (Sat Dec 1, 4:43 am)

Re: Out of tree module using LSM, , (Sun Dec 2, 3:44 pm)

Re: Out of tree module using LSM, Pavel Machek, (Sun Dec 2, 4:22 pm)

Re: Out of tree module using LSM, , (Sun Dec 2, 5:09 pm)

Re: Out of tree module using LSM, Pavel Machek, (Sun Dec 2, 5:56 pm)

Re: Out of tree module using LSM, Jan Engelhardt, (Sun Dec 2, 7:15 pm)

Re: Out of tree module using LSM, Pavel Machek, (Sun Dec 2, 7:23 pm)

Re: Out of tree module using LSM, Andi Kleen, (Sun Dec 2, 4:06 pm)

Re: Out of tree module using LSM, Arjan van de Ven, (Sun Dec 2, 4:02 pm)

Re: Out of tree module using LSM, Alan Cox, (Wed Nov 28, 3:52 pm)

Re: Out of tree module using LSM, , (Wed Nov 28, 4:05 pm)

Re: Out of tree module using LSM, Greg KH, (Wed Nov 28, 8:58 pm)

Re: Out of tree module using LSM, Christoph Hellwig, (Wed Nov 28, 10:41 am)

Re: Out of tree module using LSM, Casey Schaufler, (Wed Nov 28, 12:38 pm)

Re: Out of tree module using LSM, Christoph Hellwig, (Wed Nov 28, 12:46 pm)

Re: Out of tree module using LSM, , (Wed Nov 28, 2:15 pm)

Re: Out of tree module using LSM, Al Viro, (Wed Nov 28, 2:30 pm)

Re: Out of tree module using LSM, , (Thu Nov 29, 12:26 pm)

Re: Out of tree module using LSM, Alan Cox, (Thu Nov 29, 1:36 pm)

Re: Out of tree module using LSM, Andi Kleen, (Thu Nov 29, 5:09 pm)

Re: Out of tree module using LSM, Ray Lee, (Thu Nov 29, 2:40 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 2:56 pm)

Re: Out of tree module using LSM, Ray Lee, (Thu Nov 29, 3:11 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 3:45 pm)

Re: Out of tree module using LSM, Alan Cox, (Thu Nov 29, 5:45 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 7:34 pm)

Re: Out of tree module using LSM, , (Fri Nov 30, 2:20 am)

Re: Out of tree module using LSM, Alan Cox, (Fri Nov 30, 9:30 am)

Re: Out of tree module using LSM, Justin Banks, (Thu Nov 29, 6:12 pm)

Re: Out of tree module using LSM, Al Viro, (Thu Nov 29, 9:48 pm)

Re: Out of tree module using LSM, Justin Banks, (Fri Nov 30, 11:37 am)

Re: Out of tree module using LSM, , (Thu Nov 29, 4:56 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 7:31 pm)

Re: Out of tree module using LSM, Al Viro, (Thu Nov 29, 6:08 pm)

Re: Out of tree module using LSM, James Morris, (Thu Nov 29, 8:50 pm)

Re: Out of tree module using LSM, Greg KH, (Wed Nov 28, 8:38 pm)

Re: Out of tree module using LSM, Jan Engelhardt, (Wed Nov 28, 8:53 pm)

Re: Out of tree module using LSM, Greg KH, (Wed Nov 28, 9:07 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 12:36 pm)

Re: Out of tree module using LSM, Greg KH, (Thu Nov 29, 12:47 pm)

Re: Out of tree module using LSM, Jan Engelhardt, (Thu Nov 29, 12:53 pm)

Re: Out of tree module using LSM, Greg KH, (Thu Nov 29, 1:03 pm)

Re: Out of tree module using LSM, Ray Lee, (Thu Nov 29, 1:35 pm)

Re: Out of tree module using LSM, Al Viro, (Thu Nov 29, 1:51 pm)

Re: Out of tree module using LSM, Greg KH, (Thu Nov 29, 1:45 pm)

Re: Out of tree module using LSM, Ray Lee, (Thu Nov 29, 2:03 pm)

Re: Out of tree module using LSM, Justin Banks, (Thu Nov 29, 2:19 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 2:38 pm)

Re: Out of tree module using LSM, Christoph Hellwig, (Thu Nov 29, 12:57 pm)

Re: Out of tree module using LSM, Alan Cox, (Thu Nov 29, 1:27 pm)

Re: Out of tree module using LSM, Andi Kleen, (Thu Nov 29, 6:58 pm)

Re: Out of tree module using LSM, Pavel Machek, (Sat Dec 8, 6:50 am)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 1:05 pm)

Re: Out of tree module using LSM, Greg KH, (Thu Nov 29, 1:14 pm)

Re: Out of tree module using LSM, Stephen Hemminger, (Wed Nov 28, 1:39 pm)

Re: Out of tree module using LSM, , (Wed Nov 28, 2:22 pm)

Re: Out of tree module using LSM, James Morris, (Wed Nov 28, 8:12 pm)

Re: Out of tree module using LSM, Jon Masters, (Thu Nov 29, 12:27 pm)

Re: Out of tree module using LSM, Jan Engelhardt, (Thu Nov 29, 12:52 pm)

Re: Out of tree module using LSM, Greg KH, (Thu Nov 29, 12:51 pm)

Re: Out of tree module using LSM, Stephen Hemminger, (Thu Nov 29, 12:51 pm)

Re: Out of tree module using LSM, Jan Engelhardt, (Wed Nov 28, 8:51 pm)

Re: Out of tree module using LSM, Casey Schaufler, (Wed Nov 28, 9:45 pm)

Re: Out of tree module using LSM, Alan Cox, (Wed Nov 28, 3:50 pm)

Re: Out of tree module using LSM, , (Thu Nov 29, 12:12 pm)


linux-kernel:
Parag Warudkar	BUG: soft lockup - CPU#1 stuck for 15s! [swapper:0]
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Arjan van de Ven	Re: [GIT]: Networking
David Miller	Re: [BUG] New Kernel Bugs
openbsd-misc:

Re: Out of tree module using LSM

Online users