| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jun 2013 22:11:52 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: [PATCH 0/4] LSM/TOMOYO: Introduce per a task_struct variables. This patchset is for fixing two of TOMOYO's long-standing bugs which exists since Linux 2.6.30. Bug 1: TOMOYO has been unable to check binary loader's permission upon execve() because TOMOYO uses different permission for the program passed to execve() request and the binary loader requested by the program passed to the execve() request, but TOMOYO was not able to distinguish them due to lack of ability to pass the proposed credential argument. Some attempt to pass the proposed credential was made but was not successful because it breaks DAC's behavior. Bug 2: TOMOYO has been unable to remember that the current thread was once granted for managing policy, for there is no mechanism for cleanly allocating per a task_struct variables. As a result, TOMOYO needlessly has to check permission for updating policy whenever a line of policy was written. Also, if the userspace once deleted a line that is needed for updating policy, the current thread (which should be able to update policy) fails to write the rest of lines. Variables associated with copy on write credential do not help for fixing this bug because TOMOYO may not be allowed to modify it when TOMOYO wants to modify it. This patchset has four patches. Patch 1 and 2 are essentially revival of LSM hooks which existed until Linux 2.6.28. [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook. [PATCH 2/4] LSM: Revive security_task_alloc() hook. [PATCH 3/4] TOMOYO: Remember the proposed domain while in execve() request. [PATCH 4/4] TOMOYO: Allow caching policy manager's state until execve() request. b/fs/exec.c | 1 b/include/linux/security.h | 11 +++ b/kernel/fork.c | 7 + b/security/capability.c | 5 + b/security/security.c | 5 + b/security/tomoyo/common.c | 22 +++++- b/security/tomoyo/common.h | 34 +++++++++ b/security/tomoyo/tomoyo.c | 163 +++++++++++++++++++++++++++++++++++++++++++-- include/linux/security.h | 10 ++ security/capability.c | 6 + security/security.c | 5 + security/tomoyo/common.h | 6 + security/tomoyo/tomoyo.c | 32 ++++++++ 13 files changed, 298 insertions(+), 9 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists