lwn.git/security/seclvl.c, branch docs-5.0-fix Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=docs-5.0-fix 2006-09-29T16:18:10+00:00 [PATCH] LSM: remove BSD secure level security module 2006-09-29T16:18:10+00:00 Chris Wright chrisw@sous-sol.org 2006-09-29T08:59:49+00:00 urn:sha1:3bc1fa8ae18f281b40903cce94baba10c3cf9d88 This code has suffered from broken core design and lack of developer attention. Broken security modules are too dangerous to leave around. It is time to remove this one. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Davi Arnaut <davi.arnaut@gmail.com> Acked-by: Greg Kroah-Hartman <gregkh@suse.de> Acked-by: James Morris <jmorris@namei.org> Acked-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21T01:46:21+00:00 Herbert Xu herbert@gondor.apana.org.au 2006-08-24T09:10:20+00:00 urn:sha1:35058687912aa2f0b4554383cc10be4e0683b9a4 This patch converts all remaining crypto_digest users to use the new crypto_hash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Remove obsolete #include <linux/config.h> 2006-06-30T17:25:36+00:00 Jörn Engel joern@wohnheim.fh-wedel.de 2006-06-30T17:25:36+00:00 urn:sha1:6ab3d5624e172c553004ecc862bfeac16d9d68b7 Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> [PATCH] Bug fixes and cleanup for the BSD Secure Levels LSM 2006-03-23T15:38:03+00:00 Davi Arnaut davi.arnaut@gmail.com 2006-03-23T10:59:25+00:00 urn:sha1:6bb08da4773f584a7b4a838b6b770d7d18033af7 This patch address several issues in the current BSD Secure Levels code: o plaintext_to_sha1: Missing check for a NULL return from __get_free_page o passwd_write_file: A page is leaked if the password is wrong. o fix securityfs registration order o seclvl_init is a mess and can't properly tolerate failures, failure path is upside down (deldif and delf should be switched) Cleanups: o plaintext_to_sha1: Use buffers passed in o passwd_write_file: Use kmalloc() instead of get_zeroed_page() o passwd_write_file: hashedPassword comparison is just memcmp o s/ENOSYS/EINVAL/ o misc (akpm: after some discussion it appears that the BSD secure levels feature should be scheduled for removal. But for now, let's fix these problems up). Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com> Cc: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@epoch.ncsc.mil> Cc: James Morris <jmorris@namei.org> Cc: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Don't try to "validate" a non-existing timeval. 2006-01-31T18:16:55+00:00 Linus Torvalds torvalds@g5.osdl.org 2006-01-31T18:16:55+00:00 urn:sha1:951069e311a2a931bf7c9d838db860f90bf14c45 settime() with a NULL timeval is silly but legal. Noticed by Dave Jones <davej@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> [PATCH] seclvl: use securityfs (fix) 2005-09-17T18:50:01+00:00 Serge Hallyn serue@us.ibm.com 2005-09-17T02:27:57+00:00 urn:sha1:9afa57b04ca08ff061e54787e3becf5c40283149 That should be -EINVAL for both. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> [PATCH] seclvl-use-securityfs tidy 2005-09-17T18:50:01+00:00 Andrew Morton akpm@osdl.org 2005-09-17T02:27:56+00:00 urn:sha1:d15c5749eb81dee94d40fe12584ca8461858b4cb We don't put braces around single statements, thanks. Cc: Serge Hallyn <serue@us.ibm.com> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@osdl.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Merge master.kernel.org:/pub/scm/linux/kernel/git/chrisw/lsm-2.6 2005-09-13T16:48:54+00:00 Linus Torvalds torvalds@g5.osdl.org 2005-09-13T16:48:54+00:00 urn:sha1:ddbf9ef385bfbef897210733abfb73cb9b94ecec [CRYPTO]: Use CRYPTO_TFM_REQ_MAY_SLEEP where appropriate 2005-09-02T00:43:25+00:00 Herbert Xu herbert@gondor.apana.org.au 2005-09-02T00:43:25+00:00 urn:sha1:eb6f1160ddb2fdadf50f350da79d0796c37f17e2 This patch goes through the current users of the crypto layer and sets CRYPTO_TFM_REQ_MAY_SLEEP at crypto_alloc_tfm() where all crypto operations are performed in process context. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> [PATCH] seclvl securityfs 2005-07-09T01:49:05+00:00 serue@us.ibm.com serue@us.ibm.com 2005-07-08T20:44:19+00:00 urn:sha1:5a73c308754e27829c94544e010f133019cbd432 Once again, the simple_attr in libfs was actually sufficient - I'd thought the __attribute__(format(printk(1,2))) was more mysterious than it really is. At last, here is the full patch to make seclvl use securityfs. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Chris Wright <chrisw@osdl.org> -- seclvl.c | 228 +++++++++++++++++++-------------------------------------------- 1 files changed, 70 insertions(+), 158 deletions(-) Index: linux-2.6.13-rc1/security/seclvl.c ===================================================================