lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140331144927.GA21805@xo-6d-61-c0.localdomain>
Date:	Mon, 31 Mar 2014 16:49:27 +0200
From:	Pavel Machek <pavel@....cz>
To:	Matthew Garrett <matthew.garrett@...ula.com>
Cc:	linux-kernel@...r.kernel.org, keescook@...omium.org,
	gregkh@...uxfoundation.org, hpa@...or.com,
	linux-efi@...r.kernel.org, jmorris@...ei.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 01/12] Add support for indicating that the booted kernel
 is externally trusted

On Wed 2014-02-26 15:11:02, Matthew Garrett wrote:
> Provide a boolean runtime configuration option for restricting userspace's
> ability to modify the running kernel. This can be used when some external
> validation of the kernel's state has been performed.

I still don't like the idea, but...

> +Once enabled. trusted kernel support may not be disabled without rebooting
> +the system.

"enabled,"

> @@ -3091,6 +3091,14 @@ static inline void security_audit_rule_free(void *lsmrule)
>  #endif /* CONFIG_SECURITY */
>  #endif /* CONFIG_AUDIT */
>  
> +#ifdef CONFIG_SECURITY_TRUSTED_KERNEL
> +extern bool get_trusted_kernel(void);
> +extern int set_trusted_kernel(bool new_trusted_kernel);
> +#else
> +static inline bool get_trusted_kernel(void) { return 0; }
> +static inline int set_trusted_kernel(bool new_trusted_kernel) { return 0; }
> +#endif /* CONFIG_TRUSTED_KERNEL */

comment does not match ifdef. (And _SECURITY is really superfluous here, maybe shorter
option would be better?)

> +	length = -EINVAL;
> +	if (sscanf(page, "%d", &new_trusted_kernel) != 1)
> +		goto out;
> +
> +	length = set_trusted_kernel(!!new_trusted_kernel);

If someone writes 2 to the sysfs, it would be better to return einval than trying
to second guess him...

								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ