[PATCH v4 1/3] security: Refactor LSM hooks into an array and enum
Sargun Dhillon
sargun at sargun.me
Wed Mar 7 22:22:14 UTC 2018
On Wed, Mar 7, 2018 at 12:23 PM, Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 3/7/2018 11:18 AM, Sargun Dhillon wrote:
>> On Wed, Mar 7, 2018 at 9:45 AM, Casey Schaufler <casey at schaufler-ca.com> wrote:
>>> On 3/6/2018 11:23 PM, Sargun Dhillon wrote:
>>>> This commit should have no functional change. It changes the security hook
>>>> list heads struct into an array. Additionally, it exposes all of the hooks
>>>> via an enum. This loses memory layout randomization as the enum is not
>>>> randomized.
>>> Please explain why you want to do this. I still dislike it.
>>>
>> Do you dislike it because of the loss of randomization, or some other reason?
>
> I dislike a huge array of untyped function pointers.
> I dislike the loss of type checking in security.c
>
Ok, I can go back to that. My previous approach was using two
list_heads, but people suggested otherwise. Would you be okay with the
>> The reason for not just having a second list_heads is that it's
>> somewhat ugly having to replicate that structure twice -- once for
>> dynamic hooks, and once for 'static' hooks.
>
> There was discussion about this some time ago. In the case
> where you don't allow dynamic hooks, you mark the lists ro_after_init
> whereas in the case with them you don't, but use the locking.
>
>
Why expose the compiled-in hooks to being RW? To me, having two
list_heads seems better, because you have the built-in ones be read
only, and the ones at load time be read/write. In fact, we could
protect the r/w with pmalloc?
>> Instead, we have one enum that LSMs can use and two arrays of heads
>> rather than an entire unrolled set of list_heads.
>
> But how is this better? What is the advantage?
>
>>
>> If we had a way to randomize this, would it make you comfortable?
>>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list