| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4086eda1-1155-6ca7-7b63-187ffaa03d3f@linux.microsoft.com>
Date: Wed, 12 Feb 2020 16:56:27 -0800
From: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
To: Mimi Zohar <zohar@...ux.ibm.com>,
Shuah Khan <skhan@...uxfoundation.org>,
James Bottomley <James.Bottomley@...senPartnership.com>,
joe@...ches.com, linux-integrity@...r.kernel.org
Cc: sashal@...nel.org, nramas@...ux.microsoft.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 3/3] IMA: Add module name and base name prefix to log.
On 2020-02-12 4:38 p.m., Mimi Zohar wrote:
> On Wed, 2020-02-12 at 15:52 -0700, Shuah Khan wrote:
>> On 2/12/20 8:26 AM, James Bottomley wrote:
>>> On Wed, 2020-02-12 at 09:29 -0500, Mimi Zohar wrote:
>>>> On Tue, 2020-02-11 at 15:14 -0800, Tushar Sugandhi wrote:
>>>>> The #define for formatting log messages, pr_fmt, is duplicated in
>>>>> the
>>>>> files under security/integrity.
>>>>>
>>>>> This change moves the definition to security/integrity/integrity.h
>>>>> and
>>>>> removes the duplicate definitions in the other files under
>>>>> security/integrity. Also, it adds KBUILD_MODNAME and
>>>>> KBUILD_BASENAME prefix
>>>>> to the log messages.
>>>>>
>>>>> Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
>>>>> Reviewed-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
>>>>> Suggested-by: Joe Perches <joe@...ches.com>
>>>>> Suggested-by: Shuah Khan <skhan@...uxfoundation.org>
>>>>
>>>> <snip>
>>>>
>>>>> diff --git a/security/integrity/integrity.h
>>>>> b/security/integrity/integrity.h
>>>>> index 73fc286834d7..b1bb4d2263be 100644
>>>>> --- a/security/integrity/integrity.h
>>>>> +++ b/security/integrity/integrity.h
>>>>> @@ -6,6 +6,12 @@
>>>>> * Mimi Zohar <zohar@...ibm.com>
>>>>> */
>>>>>
>>>>> +#ifdef pr_fmt
>>>>> +#undef pr_fmt
>>>>> +#endif
>>>>> +
>>>>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " KBUILD_BASENAME ": " fmt
>>>>> +
>>>>> #include <linux/types.h>
>>>>> #include <linux/integrity.h>
>>>>> #include <crypto/sha.h>
>>>>
>>>> Joe, Shuah, including the pr_fmt() in integrity/integrity.h not only
>>>> affects the integrity directory but everything below it. Adding
>>>> KBUILD_BASENAME to pr_fmt() modifies all of the existing IMA and EVM
>>>> kernel messages. Is that ok or should there be a separate pr_fmt()
>>>> for the subdirectories?
>>>
>>
>>> Log messages are often consumed by log monitors, which mostly use
>>> pattern matching to find messages they're interested in, so you have to
>>> take some care when changing the messages the kernel spits out and you
>>> have to make sure any change gets well notified so the distributions
>>> can warn about it.
>>>
>>> For this one, can we see a "before" and "after" message so we know
>>> what's happening?
>>>
>>
>> Mimi and James,
>>
>> My suggestion was based on thinking that simplifying this by removing
>> duplicate defines. Some messages are missing modules names, adding
>> module name to them does change the messages.
>>
>> If using one pr_fmt for all modules changes the world and makes it
>> difficult for log monitors, I would say it isn't a good change.
>>
>> I will leave this totally up to Mimi to decide. Feel free to throw
>> out my suggestion if it leads more trouble than help. :)
>
> Thanks, Shuah. Tushar, I don't see any need for changing the existing
> IMA/EVM messages. Either remove the KBUILD_BASENAME from the format
> or limit the new format to the integrity directory.
Ok. I will remove the KBUILD_BASENAME from the format.
And I will keep the definition in security/integrity/integrity.h, and
will keep the duplicates removed - as originally proposed in this patch
v3 3/3.
>
> thanks,
>
> Mimi
>
Powered by blists - more mailing lists