| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0c3ac562e5b8ea82d962478459bc7047.paul@paul-moore.com>
Date: Mon, 23 Oct 2023 23:52:35 -0400
From: Paul Moore <paul@...l-moore.com>
To: Fan Wu <wufan@...ux.microsoft.com>, corbet@....net,
zohar@...ux.ibm.com, jmorris@...ei.org, serge@...lyn.com,
tytso@....edu, ebiggers@...nel.org, axboe@...nel.dk,
agk@...hat.com, snitzer@...nel.org, eparis@...hat.com
Cc: linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fscrypt@...r.kernel.org, linux-block@...r.kernel.org,
dm-devel@...hat.com, audit@...r.kernel.org,
roberto.sassu@...wei.com, linux-kernel@...r.kernel.org,
Deven Bowers <deven.desai@...ux.microsoft.com>,
Fan Wu <wufan@...ux.microsoft.com>
Subject: Re: [PATCH RFC v11 17/19] scripts: add boot policy generation program
On Oct 4, 2023 Fan Wu <wufan@...ux.microsoft.com> wrote:
>
> Enables an IPE policy to be enforced from kernel start, enabling access
> control based on trust from kernel startup. This is accomplished by
> transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
> c-string literal that is parsed at kernel startup as an unsigned policy.
>
> Signed-off-by: Deven Bowers <deven.desai@...ux.microsoft.com>
> Signed-off-by: Fan Wu <wufan@...ux.microsoft.com>
> ---
> v2:
> + No Changes
>
> v3:
> + No Changes
>
> v4:
> + No Changes
>
> v5:
> + No Changes
>
> v6:
> + No Changes
>
> v7:
> + Move from 01/11 to 14/16
> + Don't return errno directly.
> + Make output of script more user-friendly
> + Add escaping for tab and '?'
> + Mark argv pointer const
> + Invert return code check in the boot policy parsing code path.
>
> v8:
> + No significant changes.
>
> v9:
> + No changes
>
> v10:
> + Update the init part code for rcu changes in the eval loop patch
>
> v11:
> + Fix code style issues
> ---
> MAINTAINERS | 1 +
> scripts/Makefile | 1 +
> scripts/ipe/Makefile | 2 +
> scripts/ipe/polgen/.gitignore | 1 +
> scripts/ipe/polgen/Makefile | 6 ++
> scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++
> security/ipe/.gitignore | 1 +
> security/ipe/Kconfig | 10 +++
> security/ipe/Makefile | 11 +++
> security/ipe/fs.c | 8 ++
> security/ipe/ipe.c | 12 +++
> 11 files changed, 198 insertions(+)
> create mode 100644 scripts/ipe/Makefile
> create mode 100644 scripts/ipe/polgen/.gitignore
> create mode 100644 scripts/ipe/polgen/Makefile
> create mode 100644 scripts/ipe/polgen/polgen.c
> create mode 100644 security/ipe/.gitignore
...
> diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
> new file mode 100644
> index 000000000000..40b6fe07f47b
> --- /dev/null
> +++ b/scripts/ipe/polgen/polgen.c
> @@ -0,0 +1,145 @@
...
> +static int write_boot_policy(const char *pathname, const char *buf, size_t size)
> +{
> + int rc = 0;
> + FILE *fd;
> + size_t i;
> +
> + fd = fopen(pathname, "w");
> + if (!fd) {
> + rc = errno;
> + goto err;
> + }
> +
> + fprintf(fd, "/* This file is automatically generated.");
> + fprintf(fd, " Do not edit. */\n");
> + fprintf(fd, "#include <linux/stddef.h>\n");
> + fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
> + fprintf(fd, "const char *const ipe_boot_policy =\n");
> +
> + if (!buf || size == 0) {
> + fprintf(fd, "\tNULL;\n");
> + fclose(fd);
> + return 0;
> + }
> +
> + fprintf(fd, "\t\"");
> +
> + for (i = 0; i < size; ++i) {
> + switch (buf[i]) {
> + case '"':
> + fprintf(fd, "\\\"");
> + break;
> + case '\'':
> + fprintf(fd, "'");
> + break;
The revision of IPE proposed in this patchset doesn't support parsing
single or double quotes, yes?
> + case '\n':
> + fprintf(fd, "\\n\"\n\t\"");
> + break;
> + case '\\':
> + fprintf(fd, "\\\\");
> + break;
> + case '\t':
> + fprintf(fd, "\\t");
> + break;
> + case '\?':
> + fprintf(fd, "\\?");
> + break;
Similar, are question marks supported by the parser?
> + default:
> + fprintf(fd, "%c", buf[i]);
> + }
> + }
> + fprintf(fd, "\";\n");
> + fclose(fd);
> +
> + return 0;
> +
> +err:
> + if (fd)
> + fclose(fd);
> + return rc;
> +}
...
> diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
> new file mode 100644
> index 000000000000..eca22ad5ed22
> --- /dev/null
> +++ b/security/ipe/.gitignore
> @@ -0,0 +1 @@
> +boot-policy.c
> \ No newline at end of file
Add a newline please.
--
paul-moore.com
Powered by blists - more mailing lists