lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2012 10:06:41 -0400 From: Eric Paris <eparis@...isplace.org> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: James Morris <jmorris@...ei.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>, Mimi Zohar <zohar@...ibm.com>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency On Wed, May 16, 2012 at 9:52 AM, Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote: > On Wed, 2012-05-16 at 09:42 -0400, Eric Paris wrote: >> On Wed, 2012-05-16 at 21:37 +1000, James Morris wrote: >> > On Tue, 15 May 2012, Linus Torvalds wrote: >> > >> > > Hmm? >> > >> > diff --git a/security/capability.c b/security/capability.c >> > index 5bb21b1c448c..9a19c6a54e12 100644 >> > --- a/security/capability.c >> > +++ b/security/capability.c >> > @@ -949,7 +949,6 @@ void __init security_fixup_ops(struct >> > security_operations *ops) >> > set_to_cap_if_null(ops, file_alloc_security); >> > set_to_cap_if_null(ops, file_free_security); >> > set_to_cap_if_null(ops, file_ioctl); >> > - set_to_cap_if_null(ops, file_mmap); >> > set_to_cap_if_null(ops, file_mprotect); >> > set_to_cap_if_null(ops, file_lock); >> > set_to_cap_if_null(ops, file_fcntl); >> > >> > >> > Do we need to add addr_map to the fixup ops? >> >> No. His patch works just fine without it. If you look he uses: >> >> + if (security_ops->mmap_file) { >> >> Which means since we didn't set an explicit .mmap_file, even with no >> other LSM loaded we would be fine. >> >> At the moment I'd rather stick with our usual notation of forcing >> capabilities to define every option even if all it does it return 0. If >> Linus thinks it's a good idea to do >> if (security_ops->function) >> security_ops->funtion(args); >> In the security server we should do that cleanup separately... >> >> -Eric > > James was pointing out that security_fixup_ops was not set for > mmap_addr, not mmap_file(), which should be initialized by > security_fixup_ops(). But it would be flat wrong to put it there. True historically we did things differently, but this patch is right given Linus is doing it a different way. Had Linus done what you two are suggesting: +int security_mmap_addr(unsigned long addr) +{ + if (security_ops->mmap_addr) { <--- This would call cap_mmap_addr + int ret = security_ops->mmap_addr(addr); + if (ret) + return ret; + } + return cap_mmap_addr(addr); <--- This would also call cap_mmap_addr +} See the problem? Like I said, we can do a full cleanup removing all of the useless capabilities functions and turning them into an inline branch instead of unconditional jump and return 0. We could possibly even move all of the cap stacking into this layer instead of pushing it into the LSM layer. But you shouldn't really do #2 without #1. (Notice here Linus is doing both of those things, but only with this one hook) -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists