Re: secure computing for 2.6.7

[Andi Kleen]

Andrea Arcangeli <andrea@xxxxxxxxxxxx> writes:

> +/*
> + * bump this sequence number after fixing any kernel security bug
> + * that could render insecure some userspace application. This
> + * way future versions of the userpace application will be able
> + * to reliably make sure to run on a secure kernel.
> + * I hope 31bit are enough... ;).
> + */
> +static int security_sequence;

I don't think a sequence number is a good idea. Consider a
vendor/third party kernel fixing a security bug, but mainline hasn't
taken the patch yet for some reason.

The vendor kernel could not safely increase this number, because it 
could conflict with some other security bug fixed in mainline at the 
same time. 

The end result would be that the kernel would be fixed, but 
the application has no way to tell.

Better may be a bitmap, but even there you still have an problem 
with allocating these bits. 

A safe solution would be a file in /proc that lists CAN idenitifiers of
fixed bugs or similar, but that may be quite some overhead to maintain
and parse.

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/