lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1247159613.4398.215.camel@localhost>
Date:	Thu, 09 Jul 2009 13:13:33 -0400
From:	"David P. Quigley" <dpquigl@...ho.nsa.gov>
To:	Greg KH <gregkh@...e.de>
Cc:	jmorris@...ei.org, sds@...ho.nsa.gov, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH] Security/sysfs: Enable security xattrs to be set on
 sysfs files, directories, and symlinks.

On Thu, 2009-07-09 at 08:18 -0700, Greg KH wrote:
> On Wed, Jul 08, 2009 at 01:28:26PM -0400, David P. Quigley wrote:
> > --- a/fs/sysfs/sysfs.h
> > +++ b/fs/sysfs/sysfs.h
> > @@ -57,6 +57,7 @@ struct sysfs_dirent {
> >  	ino_t			s_ino;
> >  	umode_t			s_mode;
> >  	struct iattr		*s_iattr;
> > +	u32			s_secid;
> >  };
> 
> Why not just make this a void * like all other security hooks, and then
> you and SMACK can pick and choose what you want to embed here?
> 
> thanks,
> 
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

The issue is that there really aren't any LSM hooks to accommodate that.
I have a few LSM hooks for the Labeled NFS work which could be used for
this but it still requires us to store the full xattr value somewhere
and referencing it in the sysfs_dirent structure. The issue here is that
there are two ways of presenting security information. The first is
through the xattr interface which represents the security information as
an opaque blob which the LSM turns into an internal representation. The
second which is left over from the early days is the secid which I
equate to a file handle. The problem I see is that the opaque blob (the
xattr) is the interface presented to user space. It isn't really used
internally except to turn it into a data structure or to write it to
disk for persistence.

The situation we have with sysfs is that there is no persistence for
labels and the in-core inode maybe evicted so we need a way of
persisting changes from the default label. What is really need here is
a way of persisting the security structure maintained by the LSM. Since
these structures are contained in the LSM the only reasonable
abstraction for this is for the LSM to provide a handle to refer to the
structure. There are two ways of doing this. One is with a large string
(the xattr) and the other is with a light weight handle (the secid).

Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ