Re: [PATCH 4/7] firmware_class: perform new LSM checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 19 Jul 2014, Kees Cook wrote:

[...]

> With the patch series, the LSM hook sees the userspace-touching loads:
> - from kernel built-in: no LSM hook (nonsense to check the static list)
> - direct from filesystem: called with file struct
> - via uevent /sys "loading"/"data" interface: called with NULL file struct
> - via uevent /sys "fd" interface: called with file struct

Thanks for the overview.  Can we get this documented in the LSM code?

> The reason the "fd" interface was added was because otherwise there's
> no way for systems that use the uevent handler to communicate to the
> kernel where the bytes being shoved into the "data" interface are
> coming from.

Ok.

I gather folks have also thought about signing firmware?


-- 
James Morris
<jmorris@xxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux