| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <018438d4-44b9-4734-9c0c-8a65f9c605a4@schaufler-ca.com>
Date: Thu, 30 Nov 2023 15:31:01 -0800
From: Casey Schaufler <casey@...aufler-ca.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>,
Petr Tesarik <petrtesarik@...weicloud.com>,
Paul Moore <paul@...l-moore.com>
Cc: viro@...iv.linux.org.uk, brauner@...nel.org,
chuck.lever@...cle.com, jlayton@...nel.org, neilb@...e.de,
kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com,
jmorris@...ei.org, serge@...lyn.com, zohar@...ux.ibm.com,
dmitry.kasatkin@...il.com, dhowells@...hat.com, jarkko@...nel.org,
stephen.smalley.work@...il.com, eparis@...isplace.org,
mic@...ikod.net, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
selinux@...r.kernel.org, Roberto Sassu <roberto.sassu@...wei.com>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed
blob for integrity_iint_cache
On 11/30/2023 1:34 PM, Roberto Sassu wrote:
> On 11/30/2023 5:15 PM, Casey Schaufler wrote:
>> On 11/30/2023 12:30 AM, Petr Tesarik wrote:
>>> Hi all,
>>>
>>> On 11/30/2023 1:41 AM, Casey Schaufler wrote:
>>>> ...
>>>> It would be nice if the solution directly addresses the problem.
>>>> EVM needs to be after the LSMs that use xattrs, not after all LSMs.
>>>> I suggested LSM_ORDER_REALLY_LAST in part to identify the notion as
>>>> unattractive.
>>> Excuse me to chime in, but do we really need the ordering in code?
>>
>> tl;dr - Yes.
>>
>>> FWIW
>>> the linker guarantees that objects appear in the order they are seen
>>> during the link (unless --sort-section overrides that default, but this
>>> option is not used in the kernel). Since *.a archive files are used in
>>> kbuild, I have also verified that their use does not break the
>>> assumption; they are always created from scratch.
>>>
>>> In short, to enforce an ordering, you can simply list the corresponding
>>> object files in that order in the Makefile. Of course, add a big fat
>>> warning comment, so people understand the order is not arbitrary.
>>
>> Not everyone builds custom kernels.
>
> Sorry, I didn't understand your comment.
Most people run a disto supplied kernel. If the LSM ordering were determined
only at compile time you could never run a kernel that omitted an LSM.
> Everyone builds the kernel, also Linux distros. What Petr was
> suggesting was that it does not matter how you build the kernel, the
> linker will place the LSMs in the order they appear in the Makefile.
> And for this particular case, we have:
>
> obj-$(CONFIG_IMA) += ima/
> obj-$(CONFIG_EVM) += evm/
>
> In the past, I also verified that swapping these two resulted in the
> swapped order of LSMs. Petr confirmed that it would always happen.
LSM execution order is not based on compilation order. It is specified
by CONFIG_LSM, and may be modified by the LSM_ORDER value. I don't
understand why the linker is even being brought into the discussion.
>
> Thanks
>
> Roberto
Powered by blists - more mailing lists