From: Casey Schaufler <casey@schaufler-ca.com>
To: Salvatore Mesoraca <s.mesoraca16@gmail.com>,
	linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
	kernel-hardening@lists.openwall.com,
	Brad Spengler <spender@grsecurity.net>,
	PaX Team <pageexec@freemail.hu>,
	Kees Cook <keescook@chromium.org>,
	James Morris <james.l.morris@oracle.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-usb@vger.kernel.org,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook
Date: Mon, 12 Jun 2017 14:31:30 -0700	[thread overview]
Message-ID: <8219df49-321d-d032-48b5-cf1cd5a46664@schaufler-ca.com> (raw)
In-Reply-To: <1497286620-15027-4-git-send-email-s.mesoraca16@gmail.com>

On 6/12/2017 9:56 AM, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
> "/sys/bus/usb/devices/DEVICE/authorized".
> Using this hook an LSM could provide a higher level of granularity
> than the current authorization interface.
>
> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> Cc: linux-usb@vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/usb/core/hub.c    | 4 ++++
>  drivers/usb/core/sysfs.c  | 6 +++++-
>  include/linux/lsm_hooks.h | 6 ++++++
>  include/linux/security.h  | 7 +++++++
>  security/security.c       | 5 +++++
>  5 files changed, 27 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index b8bb20d..58be4f0 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -28,6 +28,7 @@
>  #include <linux/mutex.h>
>  #include <linux/random.h>
>  #include <linux/pm_qos.h>
> +#include <linux/security.h>
>  
>  #include <linux/uaccess.h>
>  #include <asm/byteorder.h>
> @@ -4831,6 +4832,9 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
>  		if (udev->quirks & USB_QUIRK_DELAY_INIT)
>  			msleep(1000);
>  
> +		if (security_usb_device_auth(udev))
> +			usb_deauthorize_device(udev);
> +
>  		/* consecutive bus-powered hubs aren't reliable; they can
>  		 * violate the voltage drop budget.  if the new child has
>  		 * a "powered" LED, users should notice we didn't enable it
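Review bot: The new check in hub_port_connect() discards both the hook's error code and the return value of usb_deauthorize_device(), so a device vetoed by an LSM is left unauthorized with nothing in the kernel log to show why. Keeping the hook result in a local and logging it before the deauthorize call, for example `dev_warn(&udev->dev, "authorization denied by LSM (%d)\n", err);`, would give operators a record to correlate with a rejected device. The hook also appears to run early in the connect path, so an LSM presumably sees only what has been read into udev by this point; the hook documentation should say which fields it may rely on. hub_port_connect() starts and ends outside this hunk.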
> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
> index dfc68ed..fce9d39 100644
> --- a/drivers/usb/core/sysfs.c
> +++ b/drivers/usb/core/sysfs.c
> @@ -17,6 +17,7 @@
>  #include <linux/usb.h>
>  #include <linux/usb/quirks.h>
>  #include <linux/of.h>
> +#include <linux/security.h>
>  #include "usb.h"
>  
>  /* Active configuration fields */
> @@ -742,8 +743,11 @@ static ssize_t authorized_store(struct device *dev,
>  		result = -EINVAL;
>  	else if (val == 0)
>  		result = usb_deauthorize_device(usb_dev);
> -	else
> +	else {
> +		if (security_usb_device_auth(usb_dev))
> +			return -EPERM;

Return the error reported by the hook rather than -EPERM.

>  		result = usb_authorize_device(usb_dev);
> +	}
>  	return result < 0 ? result : size;
>  }
>  static DEVICE_ATTR_IGNORE_LOCKDEP(authorized, S_IRUGO | S_IWUSR,
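Review bot: The hook is consulted only in this sysfs store path, so any other caller of usb_authorize_device() would authorize a device without asking the LSM. If the intent is that no device becomes authorized against policy, calling security_usb_device_auth() inside usb_authorize_device() itself would cover every path with one check. The other callers are not visible on this page, so this needs confirming against the tree. authorized_store() begins outside the hunk.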
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index bd274db..cc0937e 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1189,6 +1189,10 @@
>   *	to the @parent process for tracing.
>   *	@parent contains the task_struct structure for debugger process.
>   *	Return 0 if permission is granted.
> + * @usb_device_auth:
> + *	Check if @udev device should be authorized or not.
> + *	@udev contains the usb_device structure for the USB device.
> + *	Return 0 if the device is allowed.
>   * @capget:
>   *	Get the @effective, @inheritable, and @permitted capability sets for
>   *	the @target process.  The hook may also perform permission checking to
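Review bot: The kernel-doc added for @usb_device_auth says only "Return 0 if the device is allowed" and leaves out what a non-zero return means and when the hook is called. From the other hunks of this patch it is called on port connect in hub.c and on a non-zero write to the sysfs `authorized` attribute, and both callers treat any non-zero return as a denial. Suggest adding `Called when a new device is connected and when userspace tries to authorize it.` and changing the last line to `Return 0 if the device is allowed, a negative errno to deny it.` The comment block starts and ends outside the hunk.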
> @@ -1352,6 +1356,7 @@
>  	int (*ptrace_access_check)(struct task_struct *child,
>  					unsigned int mode);
>  	int (*ptrace_traceme)(struct task_struct *parent);
> +	int (*usb_device_auth)(const struct usb_device *udev);
>  	int (*capget)(struct task_struct *target, kernel_cap_t *effective,
>  			kernel_cap_t *inheritable, kernel_cap_t *permitted);
>  	int (*capset)(struct cred *new, const struct cred *old,
> @@ -1670,6 +1675,7 @@ struct security_hook_heads {
>  	struct list_head binder_transfer_file;
>  	struct list_head ptrace_access_check;
>  	struct list_head ptrace_traceme;
> +	struct list_head usb_device_auth;
>  	struct list_head capget;
>  	struct list_head capset;
>  	struct list_head capable;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index af675b5..19bc364 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -30,6 +30,7 @@
>  #include <linux/string.h>
>  #include <linux/mm.h>
>  #include <linux/fs.h>
> +#include <linux/usb.h>
>  
>  struct linux_binprm;
>  struct cred;
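Review bot: Including `<linux/usb.h>` from security.h pulls the whole USB header into every file that includes security.h, although the new prototype only takes a pointer to struct usb_device. A forward declaration next to the existing ones in this hunk, `struct usb_device;`, is enough and avoids the extra header dependency. lsm_hooks.h declares the hook pointer with the same type, so it needs that declaration in scope too unless it already gets it through security.h.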
> @@ -196,6 +197,7 @@ int security_binder_transfer_file(struct task_struct *from,
>  				  struct task_struct *to, struct file *file);
>  int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
>  int security_ptrace_traceme(struct task_struct *parent);
> +int security_usb_device_auth(const struct usb_device *udev);
>  int security_capget(struct task_struct *target,
>  		    kernel_cap_t *effective,
>  		    kernel_cap_t *inheritable,
> @@ -434,6 +436,11 @@ static inline int security_ptrace_traceme(struct task_struct *parent)
>  	return cap_ptrace_traceme(parent);
>  }
>  
> +static inline int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return 0;
> +}
> +
>  static inline int security_capget(struct task_struct *target,
>  				   kernel_cap_t *effective,
>  				   kernel_cap_t *inheritable,
> diff --git a/security/security.c b/security/security.c
> index 42c8028..e390f99 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -214,6 +214,11 @@ int security_ptrace_traceme(struct task_struct *parent)
>  	return call_int_hook(ptrace_traceme, 0, parent);
>  }
>  
> +int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return call_int_hook(usb_device_auth, 0, udev);
> +}
> +
>  int security_capget(struct task_struct *target,
>  		     kernel_cap_t *effective,
>  		     kernel_cap_t *inheritable,
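Review bot: security_usb_device_auth() is added here without an export, yet this patch calls it from drivers/usb/core/hub.c and sysfs.c, which belong to the USB core and can be built as a module. With the security framework built in and the USB core modular, the build would presumably fail on an undefined symbol; adding `EXPORT_SYMBOL(security_usb_device_auth);` after the function addresses that. The diffstat shows only these five inserted lines in security/security.c, so the export is not added elsewhere in this patch.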

From: casey@schaufler-ca.com (Casey Schaufler)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 03/11] Creation of "usb_device_auth" LSM hook
Date: Mon, 12 Jun 2017 14:31:30 -0700	[thread overview]
Message-ID: <8219df49-321d-d032-48b5-cf1cd5a46664@schaufler-ca.com> (raw)
In-Reply-To: <1497286620-15027-4-git-send-email-s.mesoraca16@gmail.com>

On 6/12/2017 9:56 AM, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
> "/sys/bus/usb/devices/DEVICE/authorized".
> Using this hook an LSM could provide a higher level of granularity
> than the current authorization interface.
>
> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> Cc: linux-usb at vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/usb/core/hub.c    | 4 ++++
>  drivers/usb/core/sysfs.c  | 6 +++++-
>  include/linux/lsm_hooks.h | 6 ++++++
>  include/linux/security.h  | 7 +++++++
>  security/security.c       | 5 +++++
>  5 files changed, 27 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index b8bb20d..58be4f0 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -28,6 +28,7 @@
>  #include <linux/mutex.h>
>  #include <linux/random.h>
>  #include <linux/pm_qos.h>
> +#include <linux/security.h>
>  
>  #include <linux/uaccess.h>
>  #include <asm/byteorder.h>
> @@ -4831,6 +4832,9 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
>  		if (udev->quirks & USB_QUIRK_DELAY_INIT)
>  			msleep(1000);
>  
> +		if (security_usb_device_auth(udev))
> +			usb_deauthorize_device(udev);
> +
>  		/* consecutive bus-powered hubs aren't reliable; they can
>  		 * violate the voltage drop budget.  if the new child has
>  		 * a "powered" LED, users should notice we didn't enable it
> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
> index dfc68ed..fce9d39 100644
> --- a/drivers/usb/core/sysfs.c
> +++ b/drivers/usb/core/sysfs.c
> @@ -17,6 +17,7 @@
>  #include <linux/usb.h>
>  #include <linux/usb/quirks.h>
>  #include <linux/of.h>
> +#include <linux/security.h>
>  #include "usb.h"
>  
>  /* Active configuration fields */
> @@ -742,8 +743,11 @@ static ssize_t authorized_store(struct device *dev,
>  		result = -EINVAL;
>  	else if (val == 0)
>  		result = usb_deauthorize_device(usb_dev);
> -	else
> +	else {
> +		if (security_usb_device_auth(usb_dev))
> +			return -EPERM;

Return the error reported by the hook rather than -EPERM.

>  		result = usb_authorize_device(usb_dev);
> +	}
>  	return result < 0 ? result : size;
>  }
>  static DEVICE_ATTR_IGNORE_LOCKDEP(authorized, S_IRUGO | S_IWUSR,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index bd274db..cc0937e 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1189,6 +1189,10 @@
>   *	to the @parent process for tracing.
>   *	@parent contains the task_struct structure for debugger process.
>   *	Return 0 if permission is granted.
> + * @usb_device_auth:
> + *	Check if @udev device should be authorized or not.
> + *	@udev contains the usb_device structure for the USB device.
> + *	Return 0 if the device is allowed.
>   * @capget:
>   *	Get the @effective, @inheritable, and @permitted capability sets for
>   *	the @target process.  The hook may also perform permission checking to
> @@ -1352,6 +1356,7 @@
>  	int (*ptrace_access_check)(struct task_struct *child,
>  					unsigned int mode);
>  	int (*ptrace_traceme)(struct task_struct *parent);
> +	int (*usb_device_auth)(const struct usb_device *udev);
>  	int (*capget)(struct task_struct *target, kernel_cap_t *effective,
>  			kernel_cap_t *inheritable, kernel_cap_t *permitted);
>  	int (*capset)(struct cred *new, const struct cred *old,
> @@ -1670,6 +1675,7 @@ struct security_hook_heads {
>  	struct list_head binder_transfer_file;
>  	struct list_head ptrace_access_check;
>  	struct list_head ptrace_traceme;
> +	struct list_head usb_device_auth;
>  	struct list_head capget;
>  	struct list_head capset;
>  	struct list_head capable;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index af675b5..19bc364 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -30,6 +30,7 @@
>  #include <linux/string.h>
>  #include <linux/mm.h>
>  #include <linux/fs.h>
> +#include <linux/usb.h>
>  
>  struct linux_binprm;
>  struct cred;
> @@ -196,6 +197,7 @@ int security_binder_transfer_file(struct task_struct *from,
>  				  struct task_struct *to, struct file *file);
>  int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
>  int security_ptrace_traceme(struct task_struct *parent);
> +int security_usb_device_auth(const struct usb_device *udev);
>  int security_capget(struct task_struct *target,
>  		    kernel_cap_t *effective,
>  		    kernel_cap_t *inheritable,
> @@ -434,6 +436,11 @@ static inline int security_ptrace_traceme(struct task_struct *parent)
>  	return cap_ptrace_traceme(parent);
>  }
>  
> +static inline int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return 0;
> +}
> +
>  static inline int security_capget(struct task_struct *target,
>  				   kernel_cap_t *effective,
>  				   kernel_cap_t *inheritable,
> diff --git a/security/security.c b/security/security.c
> index 42c8028..e390f99 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -214,6 +214,11 @@ int security_ptrace_traceme(struct task_struct *parent)
>  	return call_int_hook(ptrace_traceme, 0, parent);
>  }
>  
> +int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return call_int_hook(usb_device_auth, 0, udev);
> +}
> +
>  int security_capget(struct task_struct *target,
>  		     kernel_cap_t *effective,
>  		     kernel_cap_t *inheritable,


From: Casey Schaufler <casey@schaufler-ca.com>
To: Salvatore Mesoraca <s.mesoraca16@gmail.com>,
	linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
	kernel-hardening@lists.openwall.com,
	Brad Spengler <spender@grsecurity.net>,
	PaX Team <pageexec@freemail.hu>,
	Kees Cook <keescook@chromium.org>,
	James Morris <james.l.morris@oracle.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-usb@vger.kernel.org,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [kernel-hardening] Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook
Date: Mon, 12 Jun 2017 14:31:30 -0700	[thread overview]
Message-ID: <8219df49-321d-d032-48b5-cf1cd5a46664@schaufler-ca.com> (raw)
In-Reply-To: <1497286620-15027-4-git-send-email-s.mesoraca16@gmail.com>

On 6/12/2017 9:56 AM, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
> "/sys/bus/usb/devices/DEVICE/authorized".
> Using this hook an LSM could provide a higher level of granularity
> than the current authorization interface.
>
> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> Cc: linux-usb@vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/usb/core/hub.c    | 4 ++++
>  drivers/usb/core/sysfs.c  | 6 +++++-
>  include/linux/lsm_hooks.h | 6 ++++++
>  include/linux/security.h  | 7 +++++++
>  security/security.c       | 5 +++++
>  5 files changed, 27 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index b8bb20d..58be4f0 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -28,6 +28,7 @@
>  #include <linux/mutex.h>
>  #include <linux/random.h>
>  #include <linux/pm_qos.h>
> +#include <linux/security.h>
>  
>  #include <linux/uaccess.h>
>  #include <asm/byteorder.h>
> @@ -4831,6 +4832,9 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
>  		if (udev->quirks & USB_QUIRK_DELAY_INIT)
>  			msleep(1000);
>  
> +		if (security_usb_device_auth(udev))
> +			usb_deauthorize_device(udev);
> +
>  		/* consecutive bus-powered hubs aren't reliable; they can
>  		 * violate the voltage drop budget.  if the new child has
>  		 * a "powered" LED, users should notice we didn't enable it
> diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
> index dfc68ed..fce9d39 100644
> --- a/drivers/usb/core/sysfs.c
> +++ b/drivers/usb/core/sysfs.c
> @@ -17,6 +17,7 @@
>  #include <linux/usb.h>
>  #include <linux/usb/quirks.h>
>  #include <linux/of.h>
> +#include <linux/security.h>
>  #include "usb.h"
>  
>  /* Active configuration fields */
> @@ -742,8 +743,11 @@ static ssize_t authorized_store(struct device *dev,
>  		result = -EINVAL;
>  	else if (val == 0)
>  		result = usb_deauthorize_device(usb_dev);
> -	else
> +	else {
> +		if (security_usb_device_auth(usb_dev))
> +			return -EPERM;

Return the error reported by the hook rather than -EPERM.

>  		result = usb_authorize_device(usb_dev);
> +	}
>  	return result < 0 ? result : size;
>  }
>  static DEVICE_ATTR_IGNORE_LOCKDEP(authorized, S_IRUGO | S_IWUSR,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index bd274db..cc0937e 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1189,6 +1189,10 @@
>   *	to the @parent process for tracing.
>   *	@parent contains the task_struct structure for debugger process.
>   *	Return 0 if permission is granted.
> + * @usb_device_auth:
> + *	Check if @udev device should be authorized or not.
> + *	@udev contains the usb_device structure for the USB device.
> + *	Return 0 if the device is allowed.
>   * @capget:
>   *	Get the @effective, @inheritable, and @permitted capability sets for
>   *	the @target process.  The hook may also perform permission checking to
> @@ -1352,6 +1356,7 @@
>  	int (*ptrace_access_check)(struct task_struct *child,
>  					unsigned int mode);
>  	int (*ptrace_traceme)(struct task_struct *parent);
> +	int (*usb_device_auth)(const struct usb_device *udev);
>  	int (*capget)(struct task_struct *target, kernel_cap_t *effective,
>  			kernel_cap_t *inheritable, kernel_cap_t *permitted);
>  	int (*capset)(struct cred *new, const struct cred *old,
> @@ -1670,6 +1675,7 @@ struct security_hook_heads {
>  	struct list_head binder_transfer_file;
>  	struct list_head ptrace_access_check;
>  	struct list_head ptrace_traceme;
> +	struct list_head usb_device_auth;
>  	struct list_head capget;
>  	struct list_head capset;
>  	struct list_head capable;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index af675b5..19bc364 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -30,6 +30,7 @@
>  #include <linux/string.h>
>  #include <linux/mm.h>
>  #include <linux/fs.h>
> +#include <linux/usb.h>
>  
>  struct linux_binprm;
>  struct cred;
> @@ -196,6 +197,7 @@ int security_binder_transfer_file(struct task_struct *from,
>  				  struct task_struct *to, struct file *file);
>  int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
>  int security_ptrace_traceme(struct task_struct *parent);
> +int security_usb_device_auth(const struct usb_device *udev);
>  int security_capget(struct task_struct *target,
>  		    kernel_cap_t *effective,
>  		    kernel_cap_t *inheritable,
> @@ -434,6 +436,11 @@ static inline int security_ptrace_traceme(struct task_struct *parent)
>  	return cap_ptrace_traceme(parent);
>  }
>  
> +static inline int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return 0;
> +}
> +
>  static inline int security_capget(struct task_struct *target,
>  				   kernel_cap_t *effective,
>  				   kernel_cap_t *inheritable,
> diff --git a/security/security.c b/security/security.c
> index 42c8028..e390f99 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -214,6 +214,11 @@ int security_ptrace_traceme(struct task_struct *parent)
>  	return call_int_hook(ptrace_traceme, 0, parent);
>  }
>  
> +int security_usb_device_auth(const struct usb_device *udev)
> +{
> +	return call_int_hook(usb_device_auth, 0, udev);
> +}
> +
>  int security_capget(struct task_struct *target,
>  		     kernel_cap_t *effective,
>  		     kernel_cap_t *inheritable,
