Re: [PATCH] xfrm: redact SA secret with lockdown confidentiality

[PATCH ipsec-next] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-07-28
Re: [PATCH ipsec-next] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Herbert Xu <herbert@gondor.apana.org.au> · 2020-07-28
Re: [PATCH ipsec-next] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-07-28
Re: [PATCH ipsec-next] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Stephan Mueller <hidden> · 2020-07-28
Re: [PATCH ipsec-next] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-08-20
[PATCH ipsec-next v2] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-08-20
Re: [PATCH ipsec-next v2] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Jakub Kicinski <kuba@kernel.org> · 2020-08-20
Re: [PATCH ipsec-next v2] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Nicolas Dichtel <hidden> · 2020-08-20
[PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-08-20
Re: [PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret · David Miller <davem@davemloft.net> · 2020-08-20
Re: [PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-08-24
Re: [PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret · Antony Antony <hidden> · 2020-08-27
Re: [PATCH ipsec-next v3] xfrm: add /proc/sys/core/net/xfrm_redact_secret · David Miller <davem@davemloft.net> · 2020-08-27
[PATCH] xfrm: redact SA secret with lockdown confidentiality · Antony Antony <hidden> · 2020-10-16
Re: [PATCH] xfrm: redact SA secret with lockdown confidentiality · Steffen Klassert <steffen.klassert@secunet.com> · 2020-10-31
Re: [PATCH] xfrm: redact SA secret with lockdown confidentiality · Antony Antony <hidden> · 2020-11-17
[PATCH ipsec-next v5] xfrm: redact SA secret with lockdown confidentiality · Antony Antony <hidden> · 2020-11-17
Re: [PATCH ipsec-next v5] xfrm: redact SA secret with lockdown confidentiality · Steffen Klassert <steffen.klassert@secunet.com> · 2020-11-23

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: 2020-10-31 10:49:16
Also in: linux-security-module

On Fri, Oct 16, 2020 at 03:36:12PM +0200, Antony Antony wrote:

redact XFRM SA secret in the netlink response to xfrm_get_sa()
or dumpall sa.
Enable this at build time and set kernel lockdown to confidentiality.

Wouldn't it be better to enable is at boot or runtime? This defaults
to 'No' at build time, so distibutions will not compile it in. That
means that noone who uses a kernel that comes with a Linux distribution
can use that.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help