lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20cdb098-400e-25d0-f93e-98efb1095b68@schaufler-ca.com>
Date:   Wed, 9 Nov 2022 16:57:05 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Paul Moore <paul@...l-moore.com>
Cc:     Greg KH <gregkh@...uxfoundation.org>, casey.schaufler@...el.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org,
        keescook@...omium.org, john.johansen@...onical.com,
        penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com,
        linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
        mic@...ikod.net, casey@...aufler-ca.com
Subject: Re: [PATCH v1 2/8] LSM: Add an LSM identifier for external use

On 11/9/2022 3:33 PM, Paul Moore wrote:
> On Fri, Oct 28, 2022 at 12:55 PM Casey Schaufler <casey@...aufler-ca.com> wrote:
>> On 10/26/2022 11:31 PM, Greg KH wrote:
>>> On Wed, Oct 26, 2022 at 12:36:34PM -0700, Casey Schaufler wrote:
>>>>>> + *
>>>>>> + * Copyright (C) 2022 Casey Schaufler <casey@...aufler-ca.com>
>>>>>> + * Copyright (C) Intel Corporation
>>>>> No date for Intel?
>>>> The latest guidance I have received is that Intel does not want a date.
>>> Ok, then I need to have an Intel lawyer sign off on a patch that does
>>> this in order to have that be their official statement.  Otherwise, it
>>> needs a date.
>> Seems I misunderstood something. The date will be there.
>>
>>>>>> + */
>>>>>> +
>>>>>> +#ifndef _UAPI_LINUX_LSM_H
>>>>>> +#define _UAPI_LINUX_LSM_H
>>>>>> +
>>>>>> +/*
>>>>>> + * ID values to identify security modules.
>>>>>> + * A system may use more than one security module.
>>>>>> + *
>>>>>> + * LSM_ID_XXX values 0 - 31 are reserved for future use
>>>>> Reserved for what?  Why?
>>>> You're not the first person to ask.
>>> And the answer is?
>> There hasn't been an argument for it beyond "just in case".
>> I can't see a rational reason to reserve specific numbers as
>> I don't see value in LSM ranges.
>>
>>>> I'll remove the reserved values for the next version.
>>> Because we asked it will be removed?
>> Because I don't have a good reason for including it and it
>> has been called into question. If a reviewer has a legitimate
>> case for reserved values they may be back.
> Sorry for the delay, I was away for a couple of weeks and limiting my
> patch review to bug fixes, critical stuff, etc. but normal service is
> resuming this week ...
>
> I was the one who originally added the note on reserved values in my
> original strawman proposal and I suspect Casey just carried that
> forward into his patches, so feel free to blame me.

Done!

>   My reason for
> doing so is rather simple, we're going to treat the ID as a 32-bit
> value so we have *plenty* of room (just the thought of supporting +4
> billion unique LSMs is comically insane), and I'd like to try and
> leave some space for yet-undetermined "special" things that we might
> need to convey in the LSM syscalls.  For example, this would allow us
> to convey additional information to userspace when an application
> asked for labeling information using one of these reserved LSM IDs;
> applications which did not know (or care) about the special ID would
> continue to function normally but augmented/new applications would be
> able to make sense of the additional information ... and we wouldn't
> have to add a new syscall to do it.

I don't see how

	#define LSM_ID_SPECIAL	2

is better than

	#define LSM_ID_SPECIAL	13

There's no reason to "group" LSM_ID values, nor have a range of them.
Really, I don't care one way or the other. I will bend to whatever will
is stronger.

> It's basically really cheap futureproofing with little downside (we
> can always reclaim it at a later date if really necessary).  I've done
> similar things on other projects and it has proven to be useful in a
> few, and in none of the cases has it proven to be a problem.
>
> --
> paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ