On Thu, 2007-03-08 at 15:38 -0500, [EMAIL PROTECTED] wrote:
> On Thu, 08 Mar 2007 12:46:47 CST, "Serge E. Hallyn" said:
> > I think it should be done as both. The part which measures the
> > integrity of files should be an integrity subsystem. The part which
> > uses those results to either
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> On Thu, 08 Mar 2007 12:46:47 CST, "Serge E. Hallyn" said:
> > I think it should be done as both. The part which measures the
> > integrity of files should be an integrity subsystem. The part which
> > uses those results to either allow/refuse
On Thu, 08 Mar 2007 12:46:47 CST, "Serge E. Hallyn" said:
> I think it should be done as both. The part which measures the
> integrity of files should be an integrity subsystem. The part which
> uses those results to either allow/refuse actions or take some other
> action (i.e. shut down the
* Casey Schaufler ([EMAIL PROTECTED]) wrote:
>
> --- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
>
>
> > It's unfortunate, agreed, but
> >
> > use of LSM as an integrity framework was also a
> > no-go.
>
> You're going to have to justify this assertion.
> I know of at least one
Quoting Casey Schaufler ([EMAIL PROTECTED]):
>
> --- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
>
>
> > It's unfortunate, agreed, but
> >
> > use of LSM as an integrity framework was also a
> > no-go.
>
> You're going to have to justify this assertion.
You misunderstand. I wasn't saying
--- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> It's unfortunate, agreed, but
>
> use of LSM as an integrity framework was also a
> no-go.
You're going to have to justify this assertion.
I know of at least one work-in-progress for which
LSM works just fine. Not to mention the Integrity
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
> It's unfortunate, agreed, but
> use of LSM as an integrity framework was also a no-go.
>
> Options?
There's too much dup because stuff like above is just access control
not integrity measurement. Need to break off the parts that really
are
Quoting Chris Wright ([EMAIL PROTECTED]):
> * Mimi Zohar ([EMAIL PROTECTED]) wrote:
> > +static int dummy_inode_setxattr(struct dentry *dentry, char *name, void
> > *value,
> > + size_t size, int flags)
> > +{
> > + if (!strncmp(name, XATTR_SECURITY_PREFIX,
> > +
* Mimi Zohar ([EMAIL PROTECTED]) wrote:
> +static int dummy_inode_setxattr(struct dentry *dentry, char *name, void
> *value,
> + size_t size, int flags)
> +{
> + if (!strncmp(name, XATTR_SECURITY_PREFIX,
> + sizeof(XATTR_SECURITY_PREFIX) - 1) &&
>
* Mimi Zohar ([EMAIL PROTECTED]) wrote:
+static int dummy_inode_setxattr(struct dentry *dentry, char *name, void
*value,
+ size_t size, int flags)
+{
+ if (!strncmp(name, XATTR_SECURITY_PREFIX,
+ sizeof(XATTR_SECURITY_PREFIX) - 1)
+
Quoting Chris Wright ([EMAIL PROTECTED]):
* Mimi Zohar ([EMAIL PROTECTED]) wrote:
+static int dummy_inode_setxattr(struct dentry *dentry, char *name, void
*value,
+ size_t size, int flags)
+{
+ if (!strncmp(name, XATTR_SECURITY_PREFIX,
+
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
It's unfortunate, agreed, but
use of LSM as an integrity framework was also a no-go.
Options?
There's too much dup because stuff like above is just access control
not integrity measurement. Need to break off the parts that really
are different.
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
It's unfortunate, agreed, but
use of LSM as an integrity framework was also a
no-go.
You're going to have to justify this assertion.
I know of at least one work-in-progress for which
LSM works just fine. Not to mention the Integrity
claims of
Quoting Casey Schaufler ([EMAIL PROTECTED]):
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
It's unfortunate, agreed, but
use of LSM as an integrity framework was also a
no-go.
You're going to have to justify this assertion.
You misunderstand. I wasn't saying it wouldn't work :)
* Casey Schaufler ([EMAIL PROTECTED]) wrote:
--- Serge E. Hallyn [EMAIL PROTECTED] wrote:
It's unfortunate, agreed, but
use of LSM as an integrity framework was also a
no-go.
You're going to have to justify this assertion.
I know of at least one work-in-progress for which
LSM
On Thu, 08 Mar 2007 12:46:47 CST, Serge E. Hallyn said:
I think it should be done as both. The part which measures the
integrity of files should be an integrity subsystem. The part which
uses those results to either allow/refuse actions or take some other
action (i.e. shut down the system)
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
On Thu, 08 Mar 2007 12:46:47 CST, Serge E. Hallyn said:
I think it should be done as both. The part which measures the
integrity of files should be an integrity subsystem. The part which
uses those results to either allow/refuse actions or
On Thu, 2007-03-08 at 15:38 -0500, [EMAIL PROTECTED] wrote:
On Thu, 08 Mar 2007 12:46:47 CST, Serge E. Hallyn said:
I think it should be done as both. The part which measures the
integrity of files should be an integrity subsystem. The part which
uses those results to either allow/refuse
18 matches
Mail list logo