[kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM
Serge E. Hallyn
serge at hallyn.com
Thu Jul 13 19:51:06 UTC 2017
Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):
> On Thu, 2017-07-13 at 08:39 -0400, Matt Brown wrote:
> The question is really from a security perspective which is better?
> Obviously, as v2 of the patch set changed from using pathnames to
> inodes, it's pretty clear that I think inodes would be better. Kees,
> Serge, Casey any comments?
Yes, inode seems clearly better. Paths are too easily worked around.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list