| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jun 2024 16:31:27 -0400 From: Paul Moore <paul@...l-moore.com> To: Casey Schaufler <casey@...aufler-ca.com> Cc: linux-security-module@...r.kernel.org, jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org, mic@...ikod.net Subject: Re: [PATCH v39 02/42] SM: Infrastructure management of the sock security On Fri, Dec 15, 2023 at 5:18 PM Casey Schaufler <casey@...aufler-ca.com> wrote: > > Move management of the sock->sk_security blob out > of the individual security modules and into the security > infrastructure. Instead of allocating the blobs from within > the modules the modules tell the infrastructure how much > space is required, and the space is allocated there. > > Acked-by: Paul Moore <paul@...l-moore.com> > Reviewed-by: Kees Cook <keescook@...omium.org> > Reviewed-by: John Johansen <john.johansen@...onical.com> > Acked-by: Stephen Smalley <stephen.smalley.work@...il.com> > Signed-off-by: Casey Schaufler <casey@...aufler-ca.com> > --- > include/linux/lsm_hooks.h | 1 + > security/apparmor/include/net.h | 3 +- > security/apparmor/lsm.c | 20 +------- > security/apparmor/net.c | 2 +- > security/security.c | 36 ++++++++++++++- > security/selinux/hooks.c | 76 ++++++++++++++----------------- > security/selinux/include/objsec.h | 5 ++ > security/selinux/netlabel.c | 23 +++++----- > security/smack/smack.h | 5 ++ > security/smack/smack_lsm.c | 70 ++++++++++++++-------------- > security/smack/smack_netfilter.c | 4 +- > 11 files changed, 131 insertions(+), 114 deletions(-) I had to do some minor merge fixups, but I just merged this into the lsm/dev-staging branch to do some testing, assuming all goes well I'll move this over to the lsm/dev branch; I'll send another note if/when that happens. One of the things that has bothered me about the LSM framework is the inconsistency around allocation and management of the LSM security blobs (the `void *security` fields present in many kernel objects). In some cases the framework itself manages these fields, in other cases it is left up to the individual LSMs; while there are reasons for this (move to the framework on an as-needed basis), it is a little odd and with any inconsistency I worry about the potential for bugs. I think moving the allocation and management of all the LSM blobs into the LSM framework, similar to what was done here with the sock's sk_security field, would be a Very Good Thing and help bring some additional consistency to the LSM interfaces. Looking quickly at only the SELinux code, I see six additional blobs that would need to be converted; it's possible there are others in use by other LSMs, but I haven't checked. Casey, is this something you would be interested in pursuing or would you rather I give it a shot? -- paul-moore.com
Powered by blists - more mailing lists