Date: Mon, 17 Oct 2022 11:26:44 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Kees Cook <keescook@...omium.org>
Cc: Mimi Zohar <zohar@...ux.ibm.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, linux-security-module@...r.kernel.org, linux-integrity@...r.kernel.org, KP Singh <kpsingh@...nel.org>, Casey Schaufler <casey@...aufler-ca.com>, John Johansen <john.johansen@...onical.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 1/9] integrity: Prepare for having "ima" and "evm" available in "integrity" LSM

On 14/10/2022 19:59, Kees Cook wrote:
> On Fri, Oct 14, 2022 at 04:40:01PM +0200, Mickaël Salaün wrote:
>> This is not backward compatible
>
> Why? Nothing will be running LSM hooks until init finishes, at which
> point the integrity inode cache will be allocated. And ima and evm don't
> start up until lateinit.
>
>> , but can easily be fixed thanks to
>> DEFINE_LSM().order
>
> That forces the LSM to be enabled, which may not be desired?

This is not backward compatible because currently IMA is enabled
independently of the "lsm=" cmdline, which means that for all installed
systems using IMA and also with a custom "lsm=" cmdline, updating the
kernel with this patch will (silently) disable IMA. Using ".order =
LSM_ORDER_FIRST," should keep this behavior.

BTW, I think we should set such order (but maybe rename it) for LSMs
that do nothing unless configured (e.g. Yama, Landlock).

>
>> Side note: I proposed an alternative to that but it was Nacked:
>> https://lore.kernel.org/all/20210222150608.808146-1-mic@digikod.net/
>
> Yeah, for the reasons pointed out -- that can't work. The point is to
> not have The Default LSM. I do think Casey's NAK was rather prickly,
> though. ;)

I don't agree, there is no "the default LSM", and this new behavior is
under an LSM_AUTO configuration option.