3.2-rc1 rebase review
Kees Cook
keescook at chromium.org
Wed Nov 9 23:43:52 UTC 2011
On Wed, Nov 9, 2011 at 1:46 PM, Tetsuo Handa
<from-ubuntu at i-love.sakura.ne.jp> wrote:
> passing security=yama and passing security=none generates the same result
> because capability hooks are no-op.
>
> I'm suggesting that we can remove
>
> security_ops->ptrace_access_check == yama_ptrace_access_check
> security_ops->path_link == yama_path_link
> security_ops->inode_follow_link == yama_inode_follow_link
> security_ops->task_prctl == yama_task_prctl
> security_ops->task_free == yama_task_free
>
> checks by removing
>
> register_security(&yama_ops)
> security_module_enable(&yama_ops)
>
> calls.
Okay, I see what you mean now. It's skipping the register_security()
part that hadn't sunk in. :)
Tim, Leann, do you want me to provide a pull request with a revert and
new patch, or just send a patch with the changes?
-Kees
--
Kees Cook
ChromeOS Security
More information about the kernel-team
mailing list