Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM

From: Matt Brown
Date: Thu Jul 13 2017 - 18:33:59 EST

Next message: Mike Kravetz: "Re: [PATCH] mm/mremap: Fail map duplication attempts for private mappings"
Previous message: Jeff Kirsher: "Re: [PATCH] igb: fix unused igb_deliver_wake_packet() warning when CONFIG_PM=n"
In reply to: Serge E. Hallyn: "Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/13/17 3:51 PM, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx):
>> On Thu, 2017-07-13 at 08:39 -0400, Matt Brown wrote:
>> The question is really from a security perspective which is better?
>> Obviously, as v2 of the patch set changed from using pathnames to
>> inodes, it's pretty clear that I think inodes would be better. Kees,
>> Serge, Casey any comments?
>
> Yes, inode seems clearly better. Paths are too easily worked around.
>

Sounds good. Do we think a rb_tree would be better than a list to store
the inodes in?

Matt

Next message: Mike Kravetz: "Re: [PATCH] mm/mremap: Fail map duplication attempts for private mappings"
Previous message: Jeff Kirsher: "Re: [PATCH] igb: fix unused igb_deliver_wake_packet() warning when CONFIG_PM=n"
In reply to: Serge E. Hallyn: "Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]