3.2-rc1 rebase review

Kees Cook keescook at chromium.org
Fri Dec 9 03:02:56 UTC 2011

On Wed, Nov 9, 2011 at 7:14 PM, Tim Gardner <tim.gardner at canonical.com> wrote:
> On 11/09/2011 04:43 PM, Kees Cook wrote:
>> On Wed, Nov 9, 2011 at 1:46 PM, Tetsuo Handa
>> <from-ubuntu at i-love.sakura.ne.jp>  wrote:
>>> Passing security=yama and passing security=none generate the same result
>>> because capability hooks are no-op.
>>> I'm suggesting that we can remove
>>>  security_ops->ptrace_access_check == yama_ptrace_access_check
>>>  security_ops->path_link == yama_path_link
>>>  security_ops->inode_follow_link == yama_inode_follow_link
>>>  security_ops->task_prctl == yama_task_prctl
>>>  security_ops->task_free == yama_task_free
>>> checks by removing
>>>  register_security(&yama_ops)
>>>  security_module_enable(&yama_ops)
>>> calls.
>> Okay, I see what you mean now. It's skipping the register_security()
>> part that hadn't sunk in. :)

Tetsuo, does this look okay to you? I incorporated some additional
feedback about #ifdef clutter.


>> Tim, Leann, do you want me to provide a pull request with a revert and
>> new patch, or just send a patch with the changes?
> Kees - I'd like whatever we carry to look as close as possible to what is
> eventually accepted upstream. We are free to rebase Precise (and rewrite
> branch history) for a while yet.

Okay, cool. I'm waiting on some other feedback before I do this. I
have some rcu changes that might happen as well. Functionally, nothing
has changed, so I'll hold off on a pull request until there's actually
something useful to show. :)



Kees Cook
ChromeOS Security
