Hardcoded security module suggestion - stop the stacking insanity
Linus Torvalds
torvalds at linux-foundation.org
Tue Apr 9 18:24:44 UTC 2024
On Tue, 9 Apr 2024 at 11:02, Kees Cook <keescook at chromium.org> wrote:
>
> I don't think it's sane to demand that LSM stacking be removed. That's
> just not the world we live in -- we have specific and large scale needs
> for the infrastructure that is in place.
I think we really need to push back on this all.
The whole stacking is new. There can't be too many users. And it damn
well can be limited.
Right now that static stacking code is written to allow 11 levels.
Why? Just because you people cannot agree.
Stop it.
> I don't think describing static calls as "random hacks" is very fair;
Static calls aren't random hacks.
But the "up to eleven levels of nesting" and "reorder arbitrarily" IS.
This needs to be *fixed*.
Seriously, what part of "this is now an attack vector" did people not get?
Linus