lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <406504.13718.qm@web36612.mail.mud.yahoo.com>
Date:	Wed, 5 Mar 2008 09:43:16 -0800 (PST)
From:	Casey Schaufler <casey@...aufler-ca.com>
To:	"Ahmed S. Darwish" <darwish.07@...il.com>,
	Casey Schaufler <casey@...aufler-ca.com>
Cc:	Chris Wright <chrisw@...s-sol.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	Paul Moore <paul.moore@...com>,
	Alexey Dobriyan <adobriyan@...ru>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus <torvalds@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	LSM-ML <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH -v7 -rc3] Security: Introduce security= boot parameter


--- "Ahmed S. Darwish" <darwish.07@...il.com> wrote:

> Hi Casey,
> 
> On Wed, Mar 05, 2008 at 08:33:34AM -0800, Casey Schaufler wrote:
> > 
> > --- "Ahmed S. Darwish" <darwish.07@...il.com> wrote:
> > 
> ...
> > > 
> > > Do not let SMACK register smackfs if it was not chosen on
> > > boot. Smackfs assumes that smack hooks are registered and
> > > the initial task security setup (swapper->security) is done.
> > 
> > If the problem with initializing smackfs is because the
> > locks aren't initialized why not leave the lock initializations
> > in smack_init, and have them done before the check to see if the
> > smack LSM is going to get used? Really, we're only talking
> > about the case where a kernel is configured for testing or
> > development purposes, and the lock initialization can't
> > be considered a major impact in any case.
> > 
> 
> Beside the locking initialization issue, there's the current->security
> issue. smackfs init code code access current->security in 
> smk_unlbl_ambient().
> 
> As you know current->security may equal Null (Oops), or point to 
> another LSM structure that preceeded us in registration. 
> 
> The locking argument can't be applied here since we may override
> the other LSM tsk->security pointer this time.
> 
> Ofcourse all of the above points can be handleded by various
> if(current->security) checks + rechecking the read/write methods
> of each smackfs inode, but below only two lines will fix the 
> problem from its roots ;):
> 
> +	if (!security_module_enable(&smack_ops))
> +		return 0;
> 
> Is there a problem in the current approach that I'm not aware of ?

No, I made the common mistake of replying before I'd read all the
day's threads and didn't have all the information that you did.
Current LSM usage is really unfriendly to multiple "modules". I
don't see any problems with your current approach now that I've
dug into the issues a little further.

> You have your veto in this issue at the end ;)

I suppose, although that would be really stoopid when you're
doing all the hard work. Thank you.


Casey Schaufler
casey@...aufler-ca.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ