lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhR8_aQFxBq4fG=q8FgVUEZAL6F_iSE9kFnO7Mf4tf52AQ@mail.gmail.com>
Date:   Wed, 9 Nov 2022 18:33:52 -0500
From:   Paul Moore <paul@...l-moore.com>
To:     Casey Schaufler <casey@...aufler-ca.com>
Cc:     Greg KH <gregkh@...uxfoundation.org>, casey.schaufler@...el.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org,
        keescook@...omium.org, john.johansen@...onical.com,
        penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com,
        linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
        mic@...ikod.net
Subject: Re: [PATCH v1 2/8] LSM: Add an LSM identifier for external use

On Fri, Oct 28, 2022 at 12:55 PM Casey Schaufler <casey@...aufler-ca.com> wrote:
> On 10/26/2022 11:31 PM, Greg KH wrote:
> > On Wed, Oct 26, 2022 at 12:36:34PM -0700, Casey Schaufler wrote:
> >>>> + *
> >>>> + * Copyright (C) 2022 Casey Schaufler <casey@...aufler-ca.com>
> >>>> + * Copyright (C) Intel Corporation
> >>> No date for Intel?
> >> The latest guidance I have received is that Intel does not want a date.
> > Ok, then I need to have an Intel lawyer sign off on a patch that does
> > this in order to have that be their official statement.  Otherwise, it
> > needs a date.
>
> Seems I misunderstood something. The date will be there.
>
> >>>> + */
> >>>> +
> >>>> +#ifndef _UAPI_LINUX_LSM_H
> >>>> +#define _UAPI_LINUX_LSM_H
> >>>> +
> >>>> +/*
> >>>> + * ID values to identify security modules.
> >>>> + * A system may use more than one security module.
> >>>> + *
> >>>> + * LSM_ID_XXX values 0 - 31 are reserved for future use
> >>> Reserved for what?  Why?
> >> You're not the first person to ask.
> > And the answer is?
>
> There hasn't been an argument for it beyond "just in case".
> I can't see a rational reason to reserve specific numbers as
> I don't see value in LSM ranges.
>
> >> I'll remove the reserved values for the next version.
> > Because we asked it will be removed?
>
> Because I don't have a good reason for including it and it
> has been called into question. If a reviewer has a legitimate
> case for reserved values they may be back.

Sorry for the delay, I was away for a couple of weeks and limiting my
patch review to bug fixes, critical stuff, etc. but normal service is
resuming this week ...

I was the one who originally added the note on reserved values in my
original strawman proposal and I suspect Casey just carried that
forward into his patches, so feel free to blame me.  My reason for
doing so is rather simple, we're going to treat the ID as a 32-bit
value so we have *plenty* of room (just the thought of supporting +4
billion unique LSMs is comically insane), and I'd like to try and
leave some space for yet-undetermined "special" things that we might
need to convey in the LSM syscalls.  For example, this would allow us
to convey additional information to userspace when an application
asked for labeling information using one of these reserved LSM IDs;
applications which did not know (or care) about the special ID would
continue to function normally but augmented/new applications would be
able to make sense of the additional information ... and we wouldn't
have to add a new syscall to do it.

It's basically really cheap futureproofing with little downside (we
can always reclaim it at a later date if really necessary).  I've done
similar things on other projects and it has proven to be useful in a
few, and in none of the cases has it proven to be a problem.

--
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ