From: Casey Schaufler <casey@schaufler-ca.com>
To: Andi Kleen <ak@suse.de>, Andrew Morton <akpm@linux-foundation.org>
Cc: casey@schaufler-ca.com, torvalds@linux-foundation.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
Paul Moore <paul.moore@hp.com>
Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel
Date: Sun, 30 Sep 2007 10:14:50 -0700 (PDT) [thread overview]
Message-ID: <984405.24264.qm@web36601.mail.mud.yahoo.com> (raw)
In-Reply-To: <200709301042.26473.ak@suse.de>
--- Andi Kleen <ak@suse.de> wrote:
>
> > - Smack.txt and the website seem a bit skimpy. Is there enough
> > documentation out there for someone to usefully (and, more importantly,
> > safely) start using smack?
>
> Yes that's the important thing.
>
> > - In his review of version 1, Andi suggested that your ruleset traversal
> > be protected by RCU. But it seems that this wasn't done. Were the races
> > which he identified fixed by other means? If so, what were they?
>
> The issue was moot because rulesets never get removed in the current
> implementation. I had missed that. If that ever changes RCU would be likely
> needed though.
>
> > - hm, netlabels. Who might be a suitable person to review that code?
> > Seems that Paul Moore is the man. Maybe he'd be interested in taking a
> > look over it (please?)
>
> I personally consider these IP options it uses to be pretty useless. Who
> could
> ever use that without cryptographic authentication? Clearly when they
> were designed in the original IP spec long ago the designers didn't
> understand
> network security very well because the whole field was at its infancy. And
> CIPSO doesn't solve any of these fundamental issues.
Real quickly, CIPSO doesn't try to. CIPSO attaches attribute information
to the packet, and that's it. Smack uses CIPSO because it's available
and sufficient to get the required information about packets from one
task to another inside the box. It does the job going off box, too.
The authentication issues are very real, but a separate issue.
> It assumes a trusted network which is a very dangerous assumption. I don't
> think that was in the original patch I looked at, I surely would have
> objected to it.
>
> Perhaps take the network part out? I guess SMACK would be useful
> locally even without questionable network support.
That would break sockets. I really doubt that you're suggesting that
cryptographic authentication is required on the loopback interface.
Casey Schaufler
casey@schaufler-ca.com
next prev parent reply other threads:[~2007-09-30 17:15 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-30 0:20 [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-09-30 8:16 ` Andrew Morton
2007-09-30 8:42 ` Andi Kleen
2007-09-30 17:14 ` Casey Schaufler [this message]
2007-09-30 17:34 ` Andi Kleen
2007-09-30 23:24 ` david
2007-09-30 17:29 ` Joshua Brindle
2007-09-30 17:39 ` Andi Kleen
2007-09-30 19:07 ` Theodore Tso
2007-09-30 20:05 ` Andi Kleen
2007-09-30 20:22 ` Theodore Tso
2007-10-01 20:28 ` Casey Schaufler
2007-09-30 20:18 ` Paul Moore
2007-09-30 9:53 ` Christoph Hellwig
2007-09-30 17:19 ` Casey Schaufler
2007-10-02 8:36 ` Thomas Bleher
2007-09-30 17:02 ` Casey Schaufler
2007-09-30 20:30 ` Paul Moore
2007-10-01 11:33 ` James Morris
2007-10-01 15:07 ` Linus Torvalds
2007-10-01 15:40 ` Stephen Smalley
2007-10-01 16:04 ` Linus Torvalds
2007-10-01 17:54 ` Olivier Galibert
2007-10-02 21:02 ` Bill Davidsen
2007-10-02 21:20 ` Linus Torvalds
2007-10-02 23:25 ` Linus Torvalds
2007-10-03 0:12 ` Alan Cox
2007-10-04 22:56 ` Derek Fawcus
2007-10-04 23:18 ` Chuck Ebbert
2007-10-04 23:44 ` Derek Fawcus
2007-10-03 5:32 ` Crispin Cowan
2007-10-03 3:54 ` Bill Davidsen
2007-10-03 4:52 ` Linus Torvalds
2007-10-05 1:44 ` Eric W. Biederman
2007-10-05 3:04 ` Kyle Moffett
2007-10-05 4:45 ` Eric W. Biederman
2007-10-05 5:48 ` Kyle Moffett
2007-10-05 16:27 ` Casey Schaufler
2007-10-05 18:42 ` Stephen Smalley
2007-10-05 20:08 ` Casey Schaufler
2007-10-05 20:11 ` Eric W. Biederman
2007-10-08 17:50 ` Casey Schaufler
2007-10-08 18:47 ` Eric W. Biederman
2007-10-08 18:53 ` Serge E. Hallyn
2007-10-08 21:05 ` Casey Schaufler
2007-10-08 16:18 ` Serge E. Hallyn
2007-10-08 17:31 ` Casey Schaufler
2007-10-09 13:52 ` Stephen Smalley
2007-10-09 16:02 ` Casey Schaufler
2007-10-08 23:24 ` Bill Davidsen
2007-10-08 16:06 ` Serge E. Hallyn
2007-10-08 17:20 ` Eric W. Biederman
2007-10-08 18:00 ` Serge E. Hallyn
2007-10-08 19:29 ` Eric W. Biederman
2007-10-08 19:50 ` Eric W. Biederman
2007-10-08 20:39 ` Casey Schaufler
2007-10-08 21:02 ` Eric W. Biederman
2007-10-08 21:20 ` Alan Cox
2007-10-10 13:48 ` Eric W. Biederman
2007-10-10 15:45 ` Stephen Smalley
2007-10-10 17:57 ` Casey Schaufler
2007-10-11 10:46 ` Kyle Moffett
2007-10-11 15:41 ` Casey Schaufler
2007-10-11 18:53 ` Kyle Moffett
2007-10-11 20:09 ` Alan Cox
2007-10-08 21:51 ` Crispin Cowan
2007-10-30 4:01 ` Kazuki Omo(Company)
2007-10-30 15:07 ` Casey Schaufler
2007-10-08 20:25 ` Casey Schaufler
2007-10-08 20:57 ` Eric W. Biederman
2007-10-06 19:14 ` Bill Davidsen
2007-10-03 0:10 ` Alan Cox
2007-10-03 0:18 ` Linus Torvalds
2007-10-01 16:39 ` Casey Schaufler
2007-10-01 19:00 ` Theodore Tso
2007-10-01 15:38 ` Casey Schaufler
2007-10-01 20:49 ` Jan Engelhardt
2007-10-01 3:47 ` Serge E. Hallyn
2007-10-01 4:15 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=984405.24264.qm@web36601.mail.mud.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=ak@suse.de \
--cc=akpm@linux-foundation.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul.moore@hp.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox