Date: Sun, 1 Apr 2018 15:08:27 -0500
From: "Serge E. Hallyn"
To: Masanobu Koike
Cc: jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC v3 0/2] WhiteEgret LSM module
Message-ID: <20180401200827.GA28101@mail.hallyn.com>
References: <20180330083031.2199-1-masanobu2.koike@toshiba.co.jp>

Quoting Masanobu Koike (masanobu2.koike@toshiba.co.jp):
...
> Assumptions and ToDos
>
> At this stage, WhiteEgret assumes the following.
> Relaxing these assumptions is future work.
> - Root is not compromised. And using a whitelist and a WEUA
>   requires root privilege.
> - WEUA is reliable.
> - It is allowed for scripting languages, e.g., Perl or Python,
>   to read arbitrary scripts and to execute them.

Hi,

regarding the last one, do you have a plan for handling it?