Re: [PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast

From: Christoph Hellwig
Date: Sat May 27 2017 - 04:41:56 EST

Next message: Thomas Gleixner: "[GIT pull] ras fixes for 4.12"
Previous message: Xiaoguang Chen: "[PATCH v6 0/6] drm/i915/gvt: Dma-buf support for GVT-g"
In reply to: Kees Cook: "[PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast"
Next in thread: Kees Cook: "Re: [PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 26, 2017 at 01:17:09PM -0700, Kees Cook wrote:
> The LSM initialization routines walk security_hook_heads as an array
> of struct list_head instead of via names to avoid a ton of needless
> source. Whitelist this to avoid the false positive warning from the
> plugin:

I think this crap just needs to be fixed properly. If not it almost
defeats the protections as the "security" ops are just about everywhere.

Next message: Thomas Gleixner: "[GIT pull] ras fixes for 4.12"
Previous message: Xiaoguang Chen: "[PATCH v6 0/6] drm/i915/gvt: Dma-buf support for GVT-g"
In reply to: Kees Cook: "[PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast"
Next in thread: Kees Cook: "Re: [PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]