lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c19917fa-f62c-b7e0-8cbd-f10a96f686ba@digikod.net>
Date:   Tue, 11 Jul 2017 01:40:22 +0200
From:   Mickaël Salaün <mic@...ikod.net>
To:     Salvatore Mesoraca <s.mesoraca16@...il.com>
Cc:     kernel list <linux-kernel@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        Brad Spengler <spender@...ecurity.net>,
        PaX Team <pageexec@...email.hu>,
        Casey Schaufler <casey@...aufler-ca.com>,
        Kees Cook <keescook@...omium.org>,
        James Morris <james.l.morris@...cle.com>,
        "Serge E. Hallyn" <serge@...lyn.com>, Matt Brown <matt@...tt.com>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>
Subject: Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM


On 10/07/2017 09:59, Salvatore Mesoraca wrote:
> 2017-07-09 21:35 GMT+02:00 Mickaël Salaün <mic@...ikod.net>:
>> Hi,
>>
>> I think it make sense to merge the W^X features with the TPE/shebang LSM
>> [1].
>>
>> Regards,
>>  Mickaël
>>
>> [1]
>> https://lkml.kernel.org/r/d9aca46b-97c6-4faf-b559-484feb4aa640@digikod.net
> 
> Hi,
> Can you elaborate why it would be an advantage to have those features merged?
> They seem quite unrelated.
> Also, they work in rather different ways in respect to how they are configured.
> I'm not sure what would be a reasonable way to merge them.
> Thank you for your comment,
> 
> Salvatore
> 

The aim of the Trusted Path Execution is to constraint calls to execve
(e.g. forbid an user to execute his own binaries, i.e. apply a W^X
security policy). This should handle binaries and could handle scripts
too [1]. However, there is always a way for a process to mmap/mprotect
arbitrary data and make it executable, be it intentional or not. PaX and
the W^X part of your LSM can handle this, or make exceptions by marking
a file with dedicated xattr values. This kind of exception fit well with
TPE to get a more hardened executable security policy (e.g. forbid an
user to execute his own binaries or to mmap arbitrary executable code).
Moreover, TPE could handle some part of its configuration from some
xattr values (e.g. allow scripts/interpreters, a whitelist of
environment variables, additional memory restrictions…) as you do with
SARA thanks to your tools.

 Mickaël

[1]
https://lkml.kernel.org/r/25278a42-736e-0d3b-8c0a-7b2b05ed7d28@digikod.net



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ