| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2012 10:06:41 -0400
From: Eric Paris <eparis@...isplace.org>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: James Morris <jmorris@...ei.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Mimi Zohar <zohar@...ibm.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency
On Wed, May 16, 2012 at 9:52 AM, Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> On Wed, 2012-05-16 at 09:42 -0400, Eric Paris wrote:
>> On Wed, 2012-05-16 at 21:37 +1000, James Morris wrote:
>> > On Tue, 15 May 2012, Linus Torvalds wrote:
>> >
>> > > Hmm?
>> >
>> > diff --git a/security/capability.c b/security/capability.c
>> > index 5bb21b1c448c..9a19c6a54e12 100644
>> > --- a/security/capability.c
>> > +++ b/security/capability.c
>> > @@ -949,7 +949,6 @@ void __init security_fixup_ops(struct
>> > security_operations *ops)
>> > set_to_cap_if_null(ops, file_alloc_security);
>> > set_to_cap_if_null(ops, file_free_security);
>> > set_to_cap_if_null(ops, file_ioctl);
>> > - set_to_cap_if_null(ops, file_mmap);
>> > set_to_cap_if_null(ops, file_mprotect);
>> > set_to_cap_if_null(ops, file_lock);
>> > set_to_cap_if_null(ops, file_fcntl);
>> >
>> >
>> > Do we need to add addr_map to the fixup ops?
>>
>> No. His patch works just fine without it. If you look he uses:
>>
>> + if (security_ops->mmap_file) {
>>
>> Which means since we didn't set an explicit .mmap_file, even with no
>> other LSM loaded we would be fine.
>>
>> At the moment I'd rather stick with our usual notation of forcing
>> capabilities to define every option even if all it does it return 0. If
>> Linus thinks it's a good idea to do
>> if (security_ops->function)
>> security_ops->funtion(args);
>> In the security server we should do that cleanup separately...
>>
>> -Eric
>
> James was pointing out that security_fixup_ops was not set for
> mmap_addr, not mmap_file(), which should be initialized by
> security_fixup_ops().
But it would be flat wrong to put it there. True historically we did
things differently, but this patch is right given Linus is doing it a
different way.
Had Linus done what you two are suggesting:
+int security_mmap_addr(unsigned long addr)
+{
+ if (security_ops->mmap_addr) { <--- This would call cap_mmap_addr
+ int ret = security_ops->mmap_addr(addr);
+ if (ret)
+ return ret;
+ }
+ return cap_mmap_addr(addr); <--- This would also call
cap_mmap_addr
+}
See the problem?
Like I said, we can do a full cleanup removing all of the useless
capabilities functions and turning them into an inline branch instead
of unconditional jump and return 0. We could possibly even move all
of the cap stacking into this layer instead of pushing it into the LSM
layer. But you shouldn't really do #2 without #1. (Notice here Linus
is doing both of those things, but only with this one hook)
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists