lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1223997856.5193.81.camel@moss-spartans.epoch.ncsc.mil>
Date:	Tue, 14 Oct 2008 11:24:16 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Tejun Heo <tj@...nel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jens Axboe <jens.axboe@...cle.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, Yinghai Lu <yinghai@...nel.org>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>,
	Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [bug] latest -git boot hang

On Tue, 2008-10-14 at 17:12 +0200, Ingo Molnar wrote:
> * Stephen Smalley <sds@...ho.nsa.gov> wrote:
> 
> > > Right now i have about 40 such annotations for -tip testing:
> > > 
> > >   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > >   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > >   security/selinux/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > >   security/smack/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > >   security/Kconfig:	depends on BROKEN_BOOT_ALLOWED
> > 
> > What in particular under fs/Kconfig and security/*Kconfig falls into 
> > this category, and why?  What constitutes a "generic distro bootup"? 
> > For distros that support SELinux, it obviously shouldn't break the 
> > bootup (there have of course been cases where it has, but those were 
> > bugs that have been addressed, including the recent /proc/net 
> > breakage), and for other distros, it should yield no effect as no 
> > policy will be loaded and thus SELinux just allows everything.
> 
> got this one for rootplug:
> 
> --- linux.orig/security/Kconfig
> +++ linux/security/Kconfig
> @@ -93,6 +93,11 @@ config SECURITY_FILE_CAPABILITIES
>  config SECURITY_ROOTPLUG
>         bool "Root Plug Support"
>         depends on USB=y && SECURITY
> +
> +       # fails with hard-to-debug "could not find init" boot failure
> +       depends on BROKEN_BOOT_ALLOWED
> +       select BROKEN_BOOT

Makes sense - rootplug truly is "specialized".

> 
> and this one:
> 
> --- linux.orig/security/selinux/Kconfig
> +++ linux/security/selinux/Kconfig
> @@ -97,6 +97,11 @@ config SECURITY_SELINUX_CHECKREQPROT_VAL
>  config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
>         bool "NSA SELinux enable new secmark network controls by default"
>         depends on SECURITY_SELINUX
> +
> +       # old system booted up with this cannot ssh out
> +       depends on BROKEN_BOOT_ALLOWED
> +       select BROKEN_BOOT

What is the oldest distro you test against?  This one does need to be
disabled for distros that predate the policy support for secmark, but
we'd really like to deprecate and ultimately remove the legacy network
controls from SELinux.

> i also have this temporary annotation:
> 
> --- linux.orig/security/smack/Kconfig
> +++ linux/security/smack/Kconfig
> @@ -1,6 +1,9 @@
>  config SECURITY_SMACK
>         bool "Simplified Mandatory Access Control Kernel Support"
>         depends on NETLABEL && SECURITY_NETWORK
> +       # breaks networking (TCP connections)
> +       depends on BROKEN_BOOT_ALLOWED
> +       select BROKEN_BOOT
>         default n
>         help
>           This selects the Simplified Mandatory Access Control Kernel.
> 
> has this problem been fixed? A test is only a success if the freshly 
> booted kernel can autonomously ssh out over a real network and can 
> indicate success to the QA server. I've got a good mix of old and new 
> distros as well.

I thought that Casey had changed Smack such that packets wouldn't be
explicitly labeled by default when they were at the default/ambient
network label and thus wouldn't break sshd.

-- 
Stephen Smalley
National Security Agency

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ