lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6d3b9d8a5f5a2ca010a5a701d7826e47912fec89.camel@linux.ibm.com>
Date: Wed, 03 Apr 2024 09:11:05 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>, viro@...iv.linux.org.uk,
        brauner@...nel.org, jack@...e.cz, paul@...l-moore.com,
        jmorris@...ei.org, serge@...lyn.com
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-cifs@...r.kernel.org,
        linux-integrity@...r.kernel.org, pc@...guebit.com,
        torvalds@...ux-foundation.org,
        Roberto Sassu <roberto.sassu@...wei.com>,
        Steve French <smfrench@...il.com>
Subject: Re: [RESEND][PATCH v3] security: Place security_path_post_mknod()
 where the original IMA call was

Hi Roberto,

Subject: -> security: Limit security_path_post_mknod() to regular files

This patch description was written for the previous patch version with minor
changes.  The discussion was more about making LSM hooks more generic than
currently needed.  The patch description should somehow reflect that discussion.

On Wed, 2024-04-03 at 11:07 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
> 
> Commit 08abce60d63f ("security: Introduce path_post_mknod hook")
> introduced security_path_post_mknod(), to replace the IMA-specific call to
> ima_post_path_mknod().
> 
> For symmetry with security_path_mknod(), security_path_post_mknod() was
> called after a successful mknod operation, for any file type, rather than
> only for regular files at the time there was the IMA call.

-> rather than only for regular files.
> 
> However, as reported by VFS maintainers, successful mknod operation does
> not mean that the dentry always has an inode attached to it (for example,
> not for FIFOs on a SAMBA mount).
> 
> If that condition happens, the kernel crashes when
> security_path_post_mknod() attempts to verify if the inode associated to
> the dentry is private.

This is an example of why making the LSM hook more generic than needed didn't
work.  Based on the discussion there is no valid reason for making the hook more
generic.

> 
> Move security_path_post_mknod() where the ima_post_path_mknod() call was,
> which is obviously correct from IMA/EVM perspective. IMA/EVM are the only
> in-kernel users, and only need to inspect regular files.

-> Move the security_path_post_mknod() back to the original placement of the
ima_post_path_mknod(), so that it is only called for regular files.

> 
> Reported-by: Steve French <smfrench@...il.com>
> Closes: 
> https://lore.kernel.org/linux-kernel/CAH2r5msAVzxCUHHG8VKrMPUKQHmBpE6K9_vjhgDa1uAvwx4ppw@mail.gmail.com/
> Suggested-by: Al Viro <viro@...iv.linux.org.uk>
> Fixes: 08abce60d63f ("security: Introduce path_post_mknod hook")
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>

Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ