Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp38569imm; Thu, 27 Sep 2018 15:32:48 -0700 (PDT) X-Google-Smtp-Source: ACcGV62c9cBZ8gAnQL+KcAYSLMxO4YVBU/UERo/OhUb/hjqNDUDw98AsHCyEOcEu7jWtkoUU0Gzt X-Received: by 2002:a63:4c4e:: with SMTP id m14-v6mr10547733pgl.173.1538087568487; Thu, 27 Sep 2018 15:32:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538087568; cv=none; d=google.com; s=arc-20160816; b=QudJpUC1gsUEasM6+FfN//c1dbFm+QcBdO9+LQoXpqPbVTyjFIFNYMo9ImHYQaXkZu rDMMDUja8fgk1eS9cDHkGdXAHMFj3vyOeq94UW38hqXeSGrs/F4bPTVy8mu7ydWEbqKz YZDez6gFCNlATtU8h7DIZdiVXB+kbJW/OaVCU68mDv9yF6+WZubfCwBel/VTtSYlbIsW Oy+ML87HLG2w8JYJ1PXuiwKEAClMmO5z1SKUPP9vXbn/iDP2ClXNtUimxvOenT48tkWp R72Nqm/ylt291e24f7vPy+pPxvmU7yrDHbSWGfDWms9bMin2Qfh0ULKIjuWrlV6cJv5Y V85g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=+blMXPnkw9U+tzuzdgsEaDHx14656Bl0m+1PHfJ8+40=; b=d3AsVQqWuNAhnDSVfVFvVFQxosTZDNBPP1O+dDvn27477ro3oY43HgqYM1dEbZ/NP+ ER7Jbs9z5y8m0vwk5sjcs+sY4eavwiE57O3uBvgI0CFnNdAHkOKRjjAR3O+oc/qsGVgt K5p+yYUVFd+q9UYRA/XCmRvDME4b81vqSDEppd5J5UjF8G43UGbaYQCI4riejF8I2AXN OJW/J1Gt9f9a/EcjA4JGtiFzmVaqrlIJJBLxYaSEmFj/a8Ge797bZuCMdZsJxtANT3pF +hpjNJvDpTl8pqFLxDXLeVH4RVe3huQs4IpYQ7j+cYeyATvhnVs5avkU0VQbKcSwwp9q OEHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=ejlvwa1k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s13-v6si3546622pfc.149.2018.09.27.15.32.29; Thu, 27 Sep 2018 15:32:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=ejlvwa1k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727584AbeI1Ewu (ORCPT + 99 others); Fri, 28 Sep 2018 00:52:50 -0400 Received: from sonic302-28.consmr.mail.gq1.yahoo.com ([98.137.68.154]:37077 "EHLO sonic302-28.consmr.mail.gq1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725957AbeI1Ewt (ORCPT ); Fri, 28 Sep 2018 00:52:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1538087537; bh=+blMXPnkw9U+tzuzdgsEaDHx14656Bl0m+1PHfJ8+40=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=ejlvwa1khTIu14bwj0r1dvT79gXy9NMBvbqJLUkNqC7ICCSpYxOs3BC24U7Ax+6r2OjmNnx00JkmM4GtkLIF9geE9dtki4rJ7D/nZzNkS/HuMTYduWSlhRQ8Rf0l4RyfvE5Cf6vFKTZwRnkyxLJ3HbrtJYKHrD6rB/FOo8655HrdRGT4l+RDPjmKY4+DhSo8SvzesG6PyMCe2MaqaOhs4d8K8KRtCqloxcPXPUVUQ0C+I7h46niA3Sp4f1+UvaaFixCKeiUO3svxj8gx4zC4JwVshmlLQTAj5IeZYqDAippObWo37iBmhRf5yjFR/iOkMmUnNsls3bWuwI0V5RziTQ== X-YMail-OSG: fWCKTBoVM1mapm2MjLU.KDC509byz1mEVx4vhIcz03b3GH8eNGx_SA85S6wH94. WLtI7YVdVDVTUL5XMzBwR_NZKp1TpDzqR0ZQYSgiuNYR3kwQb1nLGJ0E.lr0PKer4ItwAdZZN7MY uKNhHdI59yn.QWrJ3fWlTpptFtekv5p2JyDylDJgVtRz66A7alWHZ2HfK9zhGd4_8BAo1.XxMtVC yN632Il8D3rQqeNr4ld_XH1OzbxIrOX4JJDy2QFwr0nAxvkF2GDZY3BNvGJ3H6VpfJkd09mQKLjN 6PPpIkhU.R.e2LRtPc47t8zU5uuStbERuTpyu07cCZ48F4eus1FzjkCH78bFicT59C0K5scCAnhr 8GLiNwKeb4LiAcQntqEeGHRbJSbdLwqBZy49RhiHC_nTfOh6VmLnRnZfHfo_OiZ9qc60aqGGXRnt EsNmafSG41D_kmWKopX4q9iujqQKKGa9xD.xjVAZ5HNQE_z7Tz82QN2KHJZel8vtwZPaik_LlwjL nANI1M3ZBBrnS01CwTcye4j560QEkXv7TjhRLFziZc0SficUlhMUtN71nzf0nIvClgVRCAcU3pnG CM2EJljQaFTp1lyReSH3RzYSH7za3csRZ4mUyjgvCze4YE.QnYVSZ6rc_Xg5jJJ4TKloFmE9FQR6 JSKw3rN7MNzhnA2MJEjRJ.DMBbH2nqOrs.p4Y2srxxQ9kYw4WxBRGaKHjYDMrVlkv_ck.wEEsceV aiMX5fUGaBiT4uup6uVIjiD1GtLbrYXVV1W.JkszyBylCrrKyxvrygea4ZOoVupUCOwLkFT9yP3D 3RPS5.39ZwnbCWkEPFw8n_7rNnpibgBqUfuqcACCZ4Y_9k2.GCvPqVPjcDR2z9R6sIwZtFDekQ8b l78_R1_I0bH81VfdTvUnB.m6yj9trkGyIoW4ywkrk0Ka5iKj1cjp9uEL8C0p2jDqqzA_fiEfuAYc .TvWzS8sJ0OqK6n_DvrIaZ7Px3ysMNNGIV9IWTIOyARvCrf.HEUuR5974sLmXVRsymI3DNlYDudI oPWhCb__adbHHV6kucvs- Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.gq1.yahoo.com with HTTP; Thu, 27 Sep 2018 22:32:17 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp425.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 0b03ad2633d2b766f3841f07f09ec377; Thu, 27 Sep 2018 22:32:16 +0000 (UTC) Subject: Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning To: James Morris Cc: LSM , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Salvatore Mesoraca References: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> From: Casey Schaufler Message-ID: <84719272-fb62-76b6-b2fd-f0c36d49707d@schaufler-ca.com> Date: Thu, 27 Sep 2018 15:32:15 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/27/2018 3:13 PM, James Morris wrote: > On Fri, 21 Sep 2018, Casey Schaufler wrote: > >> The SELinux specific credential poisioning only makes sense >> if SELinux is managing the credentials. As the intent of this >> patch set is to move the blob management out of the modules >> and into the infrastructure, the SELinux specific code has >> to go. The poisioning could be introduced into the infrastructure >> at some later date. > If it's useful, it should be incorporated into core LSM, otherwise that's > a regression for SELinux When I discussed this code with David Howells he indicated that it was primarily used for debugging the original shared credential implementation and that is was not especially valuable any longer. If someone thinks it is valuable we should consider doing it in the infrastructure for all the blobs, not just the credential.