lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b16a8882-4e88-0340-84b4-0fd2f8797206@canonical.com>
Date:   Mon, 1 Oct 2018 14:22:04 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Kees Cook <keescook@...omium.org>, James Morris <jmorris@...ei.org>
Cc:     Casey Schaufler <casey@...aufler-ca.com>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Paul Moore <paul@...l-moore.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        "Schaufler, Casey" <casey.schaufler@...el.com>,
        LSM <linux-security-module@...r.kernel.org>,
        Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org,
        linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH security-next v3 16/29] LSM: Prepare for arbitrary LSM
 enabling

On 09/24/2018 05:18 PM, Kees Cook wrote:
> Before now, all the LSMs that did not specify an "enable" variable in their
> struct lsm_info were considered enabled by default. This prepares to make
> LSM enabling more explicit. For all LSMs without an explicit "enable"
> variable, a hard-coded storage location is chosen, and all LSMs without
> an external "enable" state have their state explicitly set to "enabled".
> 
> This code appears more complex than it needs to be (comma-separated
> list parsing and "set" function parameter) because its use will be
> expanded on in the following patches to provide more explicit enabling.
> 
> Signed-off-by: Kees Cook <keescook@...omium.org>


Reviewed-by: John Johansen <john.johansen@...onical.com>


> ---
>  security/security.c | 69 ++++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 65 insertions(+), 4 deletions(-)
> 
> diff --git a/security/security.c b/security/security.c
> index 056b36cf6245..a8107d54b3d3 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -54,17 +54,46 @@ static bool debug __initdata;
>  
>  static bool __init is_enabled(struct lsm_info *lsm)
>  {
> -	if (!lsm->enabled || *lsm->enabled)
> -		return true;
> +	if (WARN_ON(!lsm->enabled))
> +		return false;
>  
> -	return false;
> +	return *lsm->enabled;
>  }
>  
>  /* Mark an LSM's enabled flag, if it exists. */
> -static void __init set_enabled(struct lsm_info *lsm, bool enabled)
> +static int lsm_enabled_true __initdata = 1;
> +static int lsm_enabled_false __initdata = 0;
> +
> +static void __init default_enabled(struct lsm_info *lsm, bool enabled)
>  {
> +	/* If storage location already set, skip this one. */
>  	if (lsm->enabled)
> +		return;
> +
> +	/*
> +	 * When an LSM hasn't configured an enable variable, we can use
> +	 * a hard-coded location for storing the default enabled state.
> +	 */
> +	if (enabled)
> +		lsm->enabled = &lsm_enabled_true;
> +	else
> +		lsm->enabled = &lsm_enabled_false;
> +}
> +
> +static void __init set_enabled(struct lsm_info *lsm, bool enabled)
> +{
> +	if (WARN_ON(!lsm->enabled))
> +		return;
> +
> +	if (lsm->enabled == &lsm_enabled_true) {
> +		if (!enabled)
> +			lsm->enabled = &lsm_enabled_false;
> +	} else if (lsm->enabled == &lsm_enabled_false) {
> +		if (enabled)
> +			lsm->enabled = &lsm_enabled_true;
> +	} else {
>  		*lsm->enabled = enabled;
> +	}
>  }
>  
>  /* Is an LSM allowed to be initialized? */
> @@ -127,6 +156,35 @@ static void __init major_lsm_init(void)
>  	}
>  }
>  
> +static void __init parse_lsm_enable(const char *str,
> +				    void (*set)(struct lsm_info *, bool),
> +				    bool enabled)
> +{
> +	char *sep, *name, *next;
> +
> +	if (!str)
> +		return;
> +
> +	sep = kstrdup(str, GFP_KERNEL);
> +	next = sep;
> +	while ((name = strsep(&next, ",")) != NULL) {
> +		struct lsm_info *lsm;
> +
> +		for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> +			if (strcmp(name, "all") == 0 ||
> +			    strcmp(name, lsm->name) == 0)
> +				set(lsm, enabled);
> +		}
> +	}
> +	kfree(sep);
> +}
> +
> +static void __init prepare_lsm_enable(void)
> +{
> +	/* Prepare defaults. */
> +	parse_lsm_enable("all", default_enabled, true);
> +}
> +
>  /**
>   * security_init - initializes the security framework
>   *
> @@ -143,6 +201,9 @@ int __init security_init(void)
>  	     i++)
>  		INIT_HLIST_HEAD(&list[i]);
>  
> +	/* Figure out which LSMs are enabled and disabled. */
> +	prepare_lsm_enable();
> +
>  	/*
>  	 * Load minor LSMs, with the capability module always first.
>  	 */
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ