lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200812021940.BBD43761.FLQtMOHJFSVOOF@I-love.SAKURA.ne.jp>
Date:	Tue, 2 Dec 2008 19:40:14 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	sds@...ho.nsa.gov
Cc:	akpm@...ux-foundation.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, dhowells@...hat.com,
	jmorris@...ei.org, takedakn@...data.co.jp, haradats@...data.co.jp,
	penguin-kernel@...ove.SAKURA.ne.jp
Subject: Re: [TOMOYO #13 (mmotm 2008-11-19-02-19) 09/11] LSM adapter functions.

Hello.

Stephen Smalley wrote:
> > Removal of security_task_alloc() and security_task_free() by introduction of
> > COW credentials will become a nightmare when TOMOYO tries to add "u32".
> > Of cource, if TOMOYO is allowed to add "u32" to "struct task_struct",
> > COW credentials won't become a nightmare.
> 
> Can you explain exactly how you are using this per-task state and why it
> is a problem to create a new cred in the situations where you need to
> modify it?  I think that this issue needs to be addressed up front.
> 
Use of COW credentials saves memory usage as long as per-task variable doesn't
change, but creating a new cred after fork() introduces new error paths
(i.e. memory allocation failure) when per-task variable changes, and COW
credentials will no longer save memory if per-task variable differs each other.

I use this per-task variable for tracking and restricting access requests
issued by a process.
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/fs/tomoyo_audit.c#L284
TOMOYO (version 1.6.x) provides "ability to change what request a process can
issue without involving execve()" according to "requests that process issued in
the past".
It is similar to AppArmor's chhat(), but it is done by the kernel and it is
done without modifying userland programs.

I use this per-task variable for remembering "whether the process is allowed to
modify policy or not". Since "the pathname of a program which is allowed to
modify policy" can be changed by package manager (e.g. "rpm" and "dpkg"),
I have to remember "whether the process ever had a pathname which is allowed to
modify policy or not".
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/fs/ccs_common.c#L1420
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/fs/tomoyo_domain.c#L1700

I use this per-task variable for holding "type of the process".
TOMOYO (version 1.6.x) provides "ability to record/verify/modify parameters
passed to execve()" by executing a userland helper instead of a program
passed to execve().
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/fs/tomoyo_domain.c#L1736

And maybe more in future.
Worrying about memory allocation failure complicates things. Thus I want to
allocate memory on fork() and not after fork(). For that purpose, directly
assigning "u32" to "struct task_struct" is preferable over allocating on
demand.

Regards.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ