Issue 6677065: CHROMIUM: Pull in Yama LSM

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 6677065: CHROMIUM: Pull in Yama LSM (Closed)

Created:
9 years, 9 months ago by Will Drewry

Modified:
9 years, 7 months ago

Reviewers:
Olof Johansson, kees.cook, ups

CC:
chromium-os-reviews_chromium.org, vb+kernel_google.com, Olof Johansson, msb+croskernel_chromium.org

Base URL:
ssh://git@gitrw.chromium.org:9222/kernel.git@master

Visibility:
Public.

Description

CHROMIUM: Pull in Yama LSM Until we integrate a more complete LSM or an out of tree framework like GRsecurity, pull in the baseline protections from Yama: https://patchwork.kernel.org/patch/108412/raw/ It provides a tangible enhancement to the baseline security of a Linux kernel-based operating system. (Notably, ptrace scoping is useful since we can't just kill ptrace.) Signed-off-by: Will Drewry <wad@chromium.org>; R=olofj@chromium.org,ups@chromium.org BUG=chromium-os:13131 TEST=As follows: - boot and run x86 basic usage => PASS - boot and run x86 in dev mode: sleep 3600 & gdb -p sleep_pid [access denied] sudo gdb -p sleep_pid [success] => PASS - boot and run x86 and cause chrome SEGV kill -SEGV chrome_pid /home/chronos/user/crash has crash data => PASS - boot and run the various autotest testsuites [in progress] All tests imply a configuration change which will be mailed separately.

Patch Set 1 #

Created: 9 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+367 lines, -0 lines)			Patch
A	Documentation/Yama.txt	View	1 chunk	+91 lines, -0 lines	0 comments	Download
M	security/Kconfig	View	4 chunks	+6 lines, -0 lines	0 comments	Download
M	security/Makefile	View	2 chunks	+2 lines, -0 lines	0 comments	Download
A	security/yama/Kconfig	View	1 chunk	+13 lines, -0 lines	0 comments	Download
A	security/yama/Makefile	View	1 chunk	+3 lines, -0 lines	0 comments	Download
A	security/yama/yama_lsm.c	View	1 chunk	+252 lines, -0 lines	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

kees.cook

Updated patch series is here, which fixes bugs needed to operate correctly with Breakpad: http://kernel.ubuntu.com/git?p=kees/linux-2.6.git;a=shortlog;h=refs/heads/yama

9 years, 9 months ago (2011-03-16 00:28:56 UTC) #2

Will Drewry

9 years, 9 months ago (2011-03-16 01:43:04 UTC) #3

On 2011/03/16 00:28:56, kees.cook wrote:
> Updated patch series is here, which fixes bugs needed to operate correctly
with
> Breakpad:
> 
> http://kernel.ubuntu.com/git?p=kees/linux-2.6.git;a=shortlog;h=refs/heads/yama

Thanks!

Reviewers: I'm going to close this and push up a patch series that includes all
current yama relevent changes.  Incoming!

Expand Messages | Collapse Messages