Re: [PATCH] LSM: allow an LSM to disable all hooks at once

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Subject: Re: [PATCH] LSM: allow an LSM to disable all hooks at once
From: James Morris <jmorris@xxxxxxxxx>
Date: Sat, 14 Dec 2019 05:48:46 +1100 (AEDT)
Cc: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>, Linux Security Module list <linux-security-module@xxxxxxxxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, SElinux list <selinux@xxxxxxxxxxxxxxx>, Paul Moore <paul@xxxxxxxxxxxxxx>, Stephen Smalley <sds@xxxxxxxxxxxxx>, John Johansen <john.johansen@xxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Micah Morton <mortonm@xxxxxxxxxxxx>
In-reply-to: <CAFqZXNv=AnPxHuQCusoJQGEJ8Q+yF7_TPBCRyAcE5OPzoYFc9w@mail.gmail.com>
References: <20191211140833.939845-1-omosnace@redhat.com> <66706222-b6af-5099-e485-b99391ad70b3@i-love.sakura.ne.jp> <CAFqZXNv=AnPxHuQCusoJQGEJ8Q+yF7_TPBCRyAcE5OPzoYFc9w@mail.gmail.com>
User-agent: Alpine 2.21 (LRH 202 2017-01-01)

On Thu, 12 Dec 2019, Ondrej Mosnacek wrote:

> I'd say the burden of implementing this would lie on the arms of
> whoever prepares the patches for dynamic load/unload.

Correct, and I don't see any such patches being accepted.

Go and look at some exploits, where LSM is used as a rootkit API...

-- 
James Morris
<jmorris@xxxxxxxxx>

Follow-Ups:
- Re: [PATCH] LSM: allow an LSM to disable all hooks at once
  - From: Tetsuo Handa

References:
- [PATCH] LSM: allow an LSM to disable all hooks at once
  - From: Ondrej Mosnacek
- Re: [PATCH] LSM: allow an LSM to disable all hooks at once
  - From: Tetsuo Handa
- Re: [PATCH] LSM: allow an LSM to disable all hooks at once
  - From: Ondrej Mosnacek

Prev by Date: Re: Does anyone use RANDSTRUCT?
Next by Date: [RFC PATCH] selinux: randomize layout of key structures
Previous by thread: Re: [PATCH] LSM: allow an LSM to disable all hooks at once
Next by thread: Re: [PATCH] LSM: allow an LSM to disable all hooks at once
Index(es):
- Date
- Thread

[Index of Archives] [Selinux Refpolicy] [Linux SGX] [Fedora Users] [Fedora Desktop] [Yosemite Photos] [Yosemite Camping] [Yosemite Campsites] [KDE Users] [Gnome Users]