lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <201306112211.GBH48909.SOFOFJHMtFQVLO@I-love.SAKURA.ne.jp>
Date:	Tue, 11 Jun 2013 22:11:52 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: [PATCH 0/4] LSM/TOMOYO: Introduce per a task_struct variables.

This patchset is for fixing two of TOMOYO's long-standing bugs which exists
since Linux 2.6.30.

Bug 1:

  TOMOYO has been unable to check binary loader's permission upon execve()
  because TOMOYO uses different permission for the program passed to execve()
  request and the binary loader requested by the program passed to the execve()
  request, but TOMOYO was not able to distinguish them due to lack of ability
  to pass the proposed credential argument. Some attempt to pass the proposed
  credential was made but was not successful because it breaks DAC's behavior.

Bug 2:

  TOMOYO has been unable to remember that the current thread was once granted
  for managing policy, for there is no mechanism for cleanly allocating per a
  task_struct variables. As a result, TOMOYO needlessly has to check permission
  for updating policy whenever a line of policy was written. Also, if the
  userspace once deleted a line that is needed for updating policy, the current
  thread (which should be able to update policy) fails to write the rest of
  lines.
  Variables associated with copy on write credential do not help for fixing
  this bug because TOMOYO may not be allowed to modify it when TOMOYO wants to
  modify it.

This patchset has four patches. Patch 1 and 2 are essentially revival of LSM
hooks which existed until Linux 2.6.28.

[PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
[PATCH 2/4] LSM: Revive security_task_alloc() hook.
[PATCH 3/4] TOMOYO: Remember the proposed domain while in execve() request.
[PATCH 4/4] TOMOYO: Allow caching policy manager's state until execve() request.

 b/fs/exec.c                |    1
 b/include/linux/security.h |   11 +++
 b/kernel/fork.c            |    7 +
 b/security/capability.c    |    5 +
 b/security/security.c      |    5 +
 b/security/tomoyo/common.c |   22 +++++-
 b/security/tomoyo/common.h |   34 +++++++++
 b/security/tomoyo/tomoyo.c |  163 +++++++++++++++++++++++++++++++++++++++++++--
 include/linux/security.h   |   10 ++
 security/capability.c      |    6 +
 security/security.c        |    5 +
 security/tomoyo/common.h   |    6 +
 security/tomoyo/tomoyo.c   |   32 ++++++++
 13 files changed, 298 insertions(+), 9 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ