| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Jul 2009 15:28:58 -0400 From: "David P. Quigley" <dpquigl@...ho.nsa.gov> To: Greg KH <gregkh@...e.de> Cc: jmorris@...ei.org, sds@...ho.nsa.gov, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] Security/sysfs: Enable security xattrs to be set on sysfs files, directories, and symlinks. On Thu, 2009-07-09 at 10:52 -0700, Greg KH wrote: > On Thu, Jul 09, 2009 at 01:13:33PM -0400, David P. Quigley wrote: > > The issue is that there really aren't any LSM hooks to accommodate that. > > I have a few LSM hooks for the Labeled NFS work which could be used for > > this but it still requires us to store the full xattr value somewhere > > and referencing it in the sysfs_dirent structure. > > A void pointer would handle that properly, right? A void pointer would suffice if we wanted to store the opaque blob. My argument is that storing that blob is too heavy weight memory wise. > > > The issue here is that there are two ways of presenting security > > information. The first is through the xattr interface which represents > > the security information as an opaque blob which the LSM turns into an > > internal representation. The second which is left over from the early > > days is the secid which I equate to a file handle. The problem I see > > is that the opaque blob (the xattr) is the interface presented to user > > space. It isn't really used internally except to turn it into a data > > structure or to write it to disk for persistence. > > That is the way that selinux does it, do the other lsms also handle it > this way? Casey handles this a different way in Smack but it has more to do with his model than his design. Since a Smack label is just a simple 23 byte string he doesn't do any conversion to store it in Smack. SELinux differs in that the label contains 4 components so these get broken out into the security structure so they can be handled separately by the security structure. I can't say for certain but I would probably say that a label based LSM which attempts to implement several models will probably have to do what SELinux does. The only thing I'm concerned with is that Casey did mention when I was creating hooks for the Labeled NFS work a situation where an LSM may implement multiple security.* xattrs. We don't currently have any LSMs that work that way so I'm not sure if I need to handle that now. > > > The situation we have with sysfs is that there is no persistence for > > labels and the in-core inode maybe evicted so we need a way of > > persisting changes from the default label. > > So you put it in the structure you did, which is correct. You should > also listen to all sysfs netlink messages to be sure to lable things > when they are created, to handle the lack of persistence. Thanks for the heads up. I'll make sure I look into this. > > thanks, > > greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists