Date:   Sun, 30 Apr 2017 11:35:26 +0200
From:   Mickaël Salaün <mic@...ikod.net>
To:     Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
        Casey Schaufler <casey@...aufler-ca.com>,
        linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>
Cc:     james.l.morris@...cle.com, serge@...lyn.com,
        linux-security-module@...r.kernel.org
Subject: Re: [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for
 the same LSM


On 30/04/2017 04:11, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> On 4/29/2017 12:02 PM, Mickael Salaun wrote:
>>> Check if the registering LSM already registered hooks just before. This
>>> enables splitting hook declarations into multiple files without
>>> registering the same LSM name multiple times, starting from commit
>>> d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm").
>>
>> What's special about the previous registration? Keep it
>> simple and check if the name is already anywhere on the
>> list and only add it if it's not already there. I don't
>> see the advantage of:
>>
>> 	% cat /sys/kernel/security/lsm
>> 	capability,yama,spiffy,selinux,spiffy
>>
>> over
>> 	% cat /sys/kernel/security/lsm
>> 	capability,yama,spiffy,selinux
>>

That was my first thought, but then I realized that I don't see any use
case where an LSM would register hooks interleaved with other LSMs. I
find the current approach simpler because we only search from the end of
the string and we do not handle special cases (e.g. matching only a
sub-name). Moreover, this approach respects the semantics described in
Documentation/security/LSM.txt: "The list reflects the order in which
checks are made".

> 
> -	if (lsm_append(lsm, &lsm_names) < 0)
> +	if (lsm && lsm_append(lsm, &lsm_names) < 0)
> 
> in security_add_hooks()?
> 
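Review bot: the `lsm &&` guard in the suggested `if (lsm && lsm_append(lsm, &lsm_names) < 0)` lets a caller of security_add_hooks() pass a NULL name and register hooks without ever appearing in /sys/kernel/security/lsm, which silently breaks the "list reflects the order in which checks are made" semantics from Documentation/security/LSM.txt cited above; if the intent is that a second security_add_hooks() call from the same LSM passes NULL, that contract should be stated in a comment at the call site, and a non-NULL name should still be de-duplicated so it is listed only once.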

That was considered
[https://lkml.kernel.org/r/CAGXu5jJCvJ6-uZ=Kfhh3xD7UvaY+G99e9NXFMzvi=9OQzA6Ecg@mail.gmail.com]
but Kees and Casey seem to prefer the current approach.
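The two de-duplication policies argued over above, as an added example that is not kernel code and not part of this thread: a userspace model of the comma-separated string behind /sys/kernel/security/lsm. `lsm_append_tail` skips the name only when it was registered just before (the v1 patch), `lsm_append_unique` skips it when it is anywhere in the list (Casey's suggestion), and `lsm_listed` does the exact-token matching the "sub-name" remark refers to. All function names and the registration sequence are constructed for the example.

```c
/* Added example, not kernel code: a userspace model of the lsm_names string
 * behind /sys/kernel/security/lsm and the two de-duplication policies from
 * the thread. Function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LSM_NAMES_MAX 128

/* Exact comma-delimited token match. A plain strstr() would report "linux"
 * as present in "selinux"; that is the sub-name problem the thread mentions. */
static int lsm_listed(const char *names, const char *lsm)
{
    size_t n = strlen(lsm);
    const char *p = names;

    while (*p) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == n && memcmp(p, lsm, n) == 0)
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* 1 if lsm is the last token of names (what the v1 patch checks). */
static int lsm_is_last(const char *names, const char *lsm)
{
    const char *last = strrchr(names, ',');

    last = last ? last + 1 : names;
    return names[0] != '\0' && strcmp(last, lsm) == 0;
}

static int lsm_append_raw(char *names, const char *lsm)
{
    if (strlen(names) + strlen(lsm) + 2 > LSM_NAMES_MAX)
        return -1;                      /* no room: mimic a failed append */
    if (names[0])
        strcat(names, ",");
    strcat(names, lsm);
    return 0;
}

/* Policy A (patch v1): only skip when the same LSM registered just before. */
int lsm_append_tail(char *names, const char *lsm)
{
    if (lsm_is_last(names, lsm))
        return 0;
    return lsm_append_raw(names, lsm);
}

/* Policy B (Casey's suggestion): skip when the name is anywhere in the list. */
int lsm_append_unique(char *names, const char *lsm)
{
    if (lsm_listed(names, lsm))
        return 0;
    return lsm_append_raw(names, lsm);
}

/* Replay a registration sequence with the given policy into out. */
void lsm_replay(int (*append)(char *, const char *),
                const char *const *seq, size_t n, char *out)
{
    out[0] = '\0';
    for (size_t i = 0; i < n; i++)
        append(out, seq[i]);
}

int main(void)
{
    /* Constructed sequence: spiffy registers hooks from two files, but a
     * different LSM (selinux) registers in between. */
    const char *const seq[] = { "capability", "yama", "spiffy", "selinux", "spiffy" };
    char a[LSM_NAMES_MAX], b[LSM_NAMES_MAX];

    lsm_replay(lsm_append_tail, seq, 5, a);
    lsm_replay(lsm_append_unique, seq, 5, b);
    printf("tail-only: %s\n", a);
    printf("unique:    %s\n", b);
    printf("'linux' listed? strstr=%d token=%d\n",
           strstr(b, "linux") != NULL, lsm_listed(b, "linux"));
    return 0;
}
```

With the interleaved sequence, policy A yields `capability,yama,spiffy,selinux,spiffy` and policy B yields `capability,yama,spiffy,selinux`; for the case the patch is actually about (the same LSM calling twice in a row) both policies produce the same single entry, which is why the choice only matters if interleaving ever happens.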


