[RFC PATCH 1/6] security/fbfam: Add a Kconfig to enable the fbfam feature
Kees Cook
keescook at chromium.org
Thu Sep 10 23:18:08 UTC 2020
On Thu, Sep 10, 2020 at 01:21:02PM -0700, Kees Cook wrote:
> From: John Wood <john.wood at gmx.com>
>
> Add a menu entry under "Security options" to enable the "Fork brute
> force attack mitigation" feature.
>
> Signed-off-by: John Wood <john.wood at gmx.com>
> ---
> security/Kconfig | 1 +
> security/fbfam/Kconfig | 10 ++++++++++
> 2 files changed, 11 insertions(+)
> create mode 100644 security/fbfam/Kconfig
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 7561f6f99f1d..00a90e25b8d5 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -290,6 +290,7 @@ config LSM
> If unsure, leave this as the default.
>
> source "security/Kconfig.hardening"
> +source "security/fbfam/Kconfig"
Given the layout you've chosen and the interface you've got, I think
this should just be treated like a regular LSM.
>
> endmenu
>
> diff --git a/security/fbfam/Kconfig b/security/fbfam/Kconfig
> new file mode 100644
> index 000000000000..bbe7f6aad369
> --- /dev/null
> +++ b/security/fbfam/Kconfig
> @@ -0,0 +1,10 @@
> +# SPDX-License-Identifier: GPL-2.0
> +config FBFAM
To jump on the bikeshed: how about just calling this
FORK_BRUTE_FORCE_DETECTION or FORK_BRUTE, and the directory could be
"brute", etc. "fbfam" doesn't tell anyone anything.
--
Kees Cook
More information about the Linux-security-module-archive
mailing list