[PATCH 2/3] security: add symbol namespace for reading file data
Greg KH
gregkh at linuxfoundation.org
Wed May 13 16:09:36 UTC 2020
On Wed, May 13, 2020 at 10:40:31AM -0500, Eric W. Biederman wrote:
> Luis Chamberlain <mcgrof at kernel.org> writes:
>
> > Certain symbols are not meant to be used by everybody, the security
> > helpers for reading files directly is one such case. Use a symbol
> > namespace for them.
> >
> > This will prevent abuse of use of these symbols in places they were
> > not inteded to be used, and provides an easy way to audit where these
> > types of operations happen as a whole.
>
> Why not just remove the ability for the firmware loader to be a module?
I agree, it's been a mess of build options to try to keep alive over
time.
> Is there some important use case that requires the firmware loader
> to be a module?
I don't think so anymore.
> We already compile the code in by default. So it is probably just
> easier to remove the modular support all together. Which would allow
> the export of the security hooks to be removed as well.
Agreed.
thanks,
greg k-h
More information about the Linux-security-module-archive
mailing list