From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8RMWN3h028708 for ; Thu, 27 Sep 2018 18:32:23 -0400 To: James Morris Cc: LSM , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Salvatore Mesoraca References: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> From: Casey Schaufler Message-ID: <84719272-fb62-76b6-b2fd-f0c36d49707d@schaufler-ca.com> Date: Thu, 27 Sep 2018 15:32:15 -0700 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Subject: Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On 9/27/2018 3:13 PM, James Morris wrote: > On Fri, 21 Sep 2018, Casey Schaufler wrote: > >> The SELinux specific credential poisioning only makes sense >> if SELinux is managing the credentials. As the intent of this >> patch set is to move the blob management out of the modules >> and into the infrastructure, the SELinux specific code has >> to go. The poisioning could be introduced into the infrastructure >> at some later date. > If it's useful, it should be incorporated into core LSM, otherwise that's > a regression for SELinux When I discussed this code with David Howells he indicated that it was primarily used for debugging the original shared credential implementation and that is was not especially valuable any longer. If someone thinks it is valuable we should consider doing it in the infrastructure for all the blobs, not just the credential.