Re: [PATCH v4 1/3] security: Refactor LSM hooks into an array and enum
From: Sargun Dhillon
Date: Wed Mar 07 2018 - 14:19:04 EST

On Wed, Mar 7, 2018 at 9:45 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 3/6/2018 11:23 PM, Sargun Dhillon wrote:
>> This commit should have no functional change. It changes the security hook
>> list heads struct into an array. Additionally, it exposes all of the hooks
>> via an enum. This loses memory layout randomization as the enum is not
>> randomized.
>
> Please explain why you want to do this. I still dislike it.
>
Do you dislike it because of the loss of randomization, or some other reason?
The reason for not just having a second list_heads is that it's
somewhat ugly having to replicate that structure twice -- once for
dynamic hooks, and once for 'static' hooks.
Instead, we have one enum that LSMs can use and two arrays of heads
rather than an entire unrolled set of list_heads.
If we had a way to randomize this, would it make you comfortable?
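
The layout discussed in this message, as an added userspace sketch that is not part of the original email and is not code from the patch: one enum indexes two arrays of hook heads, one for 'static' hooks and one for dynamic hooks. The hook ids, `hook_register`, `call_int_hook` and the sample hooks are hypothetical names chosen for illustration, and a plain singly linked list stands in for the kernel's list type.

```c
#include <stddef.h>

/* Hypothetical hook ids; the patch under discussion enumerates every LSM hook. */
enum hook_id { HOOK_FILE_OPEN, HOOK_TASK_KILL, HOOK_MAX };
typedef int (*hook_fn)(int arg);
struct hook { hook_fn fn; struct hook *next; };

/* One enum indexes both tables. Slot offsets follow the enum order, so they
 * are fixed at compile time, unlike members of a layout-randomized struct. */
static struct hook *static_heads[HOOK_MAX];   /* built-in ('static') hooks */
static struct hook *dynamic_heads[HOOK_MAX];  /* hooks added at runtime */

/* Append h to heads[id] so hooks run in registration order. */
static int hook_register(struct hook **heads, enum hook_id id, struct hook *h)
{
    struct hook **p;
    if ((unsigned)id >= HOOK_MAX || !h || !h->fn)
        return -1;              /* never index past the table */
    for (p = &heads[id]; *p; p = &(*p)->next)
        ;
    h->next = NULL;
    *p = h;
    return 0;
}

/* Walk static hooks, then dynamic ones; the first non-zero result denies. */
static int call_int_hook(enum hook_id id, int arg)
{
    struct hook **tables[] = { static_heads, dynamic_heads };
    if ((unsigned)id >= HOOK_MAX)
        return -1;
    for (size_t t = 0; t < 2; t++)
        for (struct hook *h = tables[t][id]; h; h = h->next) {
            int rc = h->fn(arg);
            if (rc)
                return rc;
        }
    return 0;
}

/* Constructed sample hooks; -13 stands in for -EACCES. */
static int allow_all(int arg) { (void)arg; return 0; }
static int deny_odd(int arg) { return (arg & 1) ? -13 : 0; }

int main(void)
{
    static struct hook a = { allow_all, NULL }, b = { deny_odd, NULL };
    hook_register(static_heads, HOOK_FILE_OPEN, &a);
    hook_register(dynamic_heads, HOOK_FILE_OPEN, &b);
    return call_int_hook(HOOK_FILE_OPEN, 3) == -13 ? 0 : 1;
}
```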