| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Aug 2015 10:58:23 +0900 From: Jonghwa Lee <jonghwa3.lee@...sung.com> To: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Cc: casey@...aufler-ca.com, james.l.morris@...cle.com, serge@...lyn.com, sangbae90.lee@...sung.com, inki.dae@...sung.com, Jonghwa Lee <jonghwa3.lee@...sung.com> Subject: [PATCH] [RFC] security: smack: Add support automatic Smack labeling Smack labeling is always done in user space, not in kernel space. Because kernel can't know which node or preocess should has the certain label and it shouldn't be neither. Therefore there is a distinct time gap between file creation and the labeling which might be about few miliseconds or even indefinite period. This unavoidable and imprecise time gap produces unintended Smack denial time to time. If it guerantees that labeling is done before any other access, the time gap doesn't make matter. However if not, the system will suffer from false alarm. I've already exeperienced the situation with specific cases. Mostly, it happens with devtmpfs where udevd applies xattr with defined udev rules. When kernel module is loaded, device node is newly created and it sends uevent and notification to processes in wait. However, somtimes uevent may be handled lately then other processes's access. So, Smack module checks the authority with uninitialized label, and prohibits the access even the access authority exists in Smack rule. At the first time of encounting the problem, I tries to fix the system and user process to prevent the accesses in ahead of labeling but it wasn't the solution. Performance is degraded because of compulsory delay. Another candidate of solution is given label from kernel side. However, kernel should not be aware of the label, the string, and the relationship between specific node and label. So I left it in user space. Label is still given from user space. Kernel only checks there is a pre-assigned labeling rule for the node. If so, the file will acquire the label as default at the creation. A file is created with pre-assigend label as like it's done automatically. So it's called 'Auto Smack labeling' Pre-assigned label can be given via additional file, 'autolabel' in smackfs. echo '<File path> <Smack Label>' > /sys/fs/smackfs/autolabel The label only activates when the file isn't created yet. If file already exists, then just add the label relationship to table and deactivate it. When the label is applied, it'll also be deactivated. The label turns to be enabled again only when the file is removed. This is a candidate of solution for the specific problem, and might be buggy or hamful for system-wide security. So I gently request your opinion for more clear and wise solution for the case that I faced. Jonghwa Lee (1): security: smack: Add support automatic Smack labeling security/smack/Kconfig | 11 ++++ security/smack/smack.h | 23 ++++++++ security/smack/smack_lsm.c | 66 +++++++++++++++++++++ security/smack/smackfs.c | 136 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 236 insertions(+) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists