lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Aug 2017 14:33:35 -0500
From:   Tyler Hicks <tyhicks@...onical.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Andy Lutomirski <luto@...capital.net>,
        Will Drewry <wad@...omium.org>,
        Paul Moore <paul@...l-moore.com>,
        Eric Paris <eparis@...hat.com>,
        John Crispin <john@...ozen.org>,
        Tycho Andersen <tycho@...ker.com>, linux-audit@...hat.com,
        LKML <linux-kernel@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are
 allowed to be logged

On 08/11/2017 02:17 PM, Kees Cook wrote:
> On Thu, Aug 10, 2017 at 9:33 PM, Tyler Hicks <tyhicks@...onical.com> wrote:
>> +static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int write,
>> +                                         void __user *buffer, size_t *lenp,
>> +                                         loff_t *ppos)
>> +{
>> +       char names[sizeof(seccomp_actions_avail)];
>> +       struct ctl_table table;
>> +       int ret;
>> +
>> +       if (write && !capable(CAP_SYS_ADMIN))
>> +               return -EPERM;
>> +
>> +       memset(names, 0, sizeof(names));
>> +
>> +       if (!write) {
>> +               if (!seccomp_names_from_actions_logged(names, sizeof(names),
>> +                                                      seccomp_actions_logged))
>> +                       return -EINVAL;
>> +       }
>> +
>> +       table = *ro_table;
>> +       table.data = names;
>> +       table.maxlen = sizeof(names);
>> +       ret = proc_dostring(&table, write, buffer, lenp, ppos);
>> +       if (ret)
>> +               return ret;
>> +
>> +       if (write) {
>> +               u32 actions_logged;
>> +
>> +               if (!seccomp_actions_logged_from_names(&actions_logged,
>> +                                                      table.data))
>> +                       return -EINVAL;
>> +
>> +               if (actions_logged & SECCOMP_LOG_ALLOW)
>> +                       return -EINVAL;
>> +
>> +               seccomp_actions_logged = actions_logged;
>> +       }
>> +
>> +       return 0;
>> +}
> 
> One thought here: should "kill" be always forced on during a write?
> This flag effectively cannot be disabled, so listing it (or not) in
> the sysctl may be confusing...

"kill" can be silenced in the current implementation. Lets hammer out
whether or not that's the right thing to do and then we can discuss the
sysctl behavior on write. I don't personally have any concerns about an
admin being able to silence RET_KILL logs but let me know if you are
against it.

Tyler

> 
> -Kees
> 




Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ