lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEjxPJ49Q1od7XXJ2bepGc=6O_FA+1fz=W+_4vLhFcCyakPUqw@mail.gmail.com>
Date: Tue, 27 Aug 2024 08:23:56 -0400
From: Stephen Smalley <stephen.smalley.work@...il.com>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: paul@...l-moore.com, linux-security-module@...r.kernel.org, 
	jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, 
	john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, 
	linux-kernel@...r.kernel.org, mic@...ikod.net, linux-audit@...hat.com, 
	audit@...r.kernel.org
Subject: Re: [PATCH 05/13] LSM: Use lsmblob in security_ipc_getsecid

On Sun, Aug 25, 2024 at 3:02 PM Casey Schaufler <casey@...aufler-ca.com> wrote:
>
> There may be more than one LSM that provides IPC data for auditing.
> Change security_ipc_getsecid() to fill in a lsmblob structure instead
> of the u32 secid.  Change the name to security_ipc_getlsmblob() to
> reflect the change.  The audit data structure containing the secid
> will be updated later, so there is a bit of scaffolding here.
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Reviewed-by: John Johansen <john.johansen@...onical.com>
> Acked-by: Stephen Smalley <stephen.smalley.work@...il.com>
> Acked-by: Paul Moore <paul@...l-moore.com>
> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
> Cc: linux-audit@...hat.com
> Cc: audit@...r.kernel.org

1. Need to cc selinux list on patches that modify it.
2. Can't retain Acked-by or Reviewed-by lines if the patch has changed
since the review.

> ---
>  include/linux/lsm_hook_defs.h |  4 ++--
>  include/linux/security.h      | 18 +++++++++++++++---
>  kernel/auditsc.c              |  3 +--
>  security/security.c           | 14 +++++++-------
>  security/selinux/hooks.c      |  9 ++++++---
>  security/smack/smack_lsm.c    | 17 ++++++++++-------
>  6 files changed, 41 insertions(+), 24 deletions(-)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 3e5f6baa7b9f..c3ffc3f98343 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -253,8 +253,8 @@ LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
>          struct inode *inode)
>  LSM_HOOK(int, 0, userns_create, const struct cred *cred)
>  LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
> -LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
> -        u32 *secid)
> +LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmblob, struct kern_ipc_perm *ipcp,
> +        struct lsmblob *blob)
>  LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
>  LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
>  LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
> diff --git a/include/linux/security.h b/include/linux/security.h
> index a0b23b6e8734..ebe8edaae953 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -290,6 +290,17 @@ static inline bool lsmblob_is_set(struct lsmblob *blob)
>         return !!memcmp(blob, &empty, sizeof(*blob));
>  }
>
> +/**
> + * lsmblob_init - initialize a lsmblob structure
> + * @blob: Pointer to the data to initialize
> + *
> + * Set all secid for all modules to the specified value.
> + */
> +static inline void lsmblob_init(struct lsmblob *blob)
> +{
> +       memset(blob, 0, sizeof(*blob));
> +}
> +
>  #ifdef CONFIG_SECURITY
>
>  int call_blocking_lsm_notifier(enum lsm_event event, void *data);
> @@ -500,7 +511,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
>  void security_task_to_inode(struct task_struct *p, struct inode *inode);
>  int security_create_user_ns(const struct cred *cred);
>  int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
> -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
> +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob);
>  int security_msg_msg_alloc(struct msg_msg *msg);
>  void security_msg_msg_free(struct msg_msg *msg);
>  int security_msg_queue_alloc(struct kern_ipc_perm *msq);
> @@ -1340,9 +1351,10 @@ static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
>         return 0;
>  }
>
> -static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
> +static inline void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp,
> +                                          struct lsmblob *blob)
>  {
> -       *secid = 0;
> +       lsmblob_init(blob);
>  }
>
>  static inline int security_msg_msg_alloc(struct msg_msg *msg)
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 84f6e9356b8f..94b7ef89da2e 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2638,8 +2638,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
>         context->ipc.gid = ipcp->gid;
>         context->ipc.mode = ipcp->mode;
>         context->ipc.has_perm = 0;
> -       /* scaffolding */
> -       security_ipc_getsecid(ipcp, &context->ipc.oblob.scaffold.secid);
> +       security_ipc_getlsmblob(ipcp, &context->ipc.oblob);
>         context->type = AUDIT_IPC;
>  }
>
> diff --git a/security/security.c b/security/security.c
> index bb541a3be410..6e72e678b5b4 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -3611,17 +3611,17 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
>  }
>
>  /**
> - * security_ipc_getsecid() - Get the sysv ipc object's secid
> + * security_ipc_getlsmblob() - Get the sysv ipc object LSM data
>   * @ipcp: ipc permission structure
> - * @secid: secid pointer
> + * @blob: pointer to lsm information
>   *
> - * Get the secid associated with the ipc object.  In case of failure, @secid
> - * will be set to zero.
> + * Get the lsm information associated with the ipc object.
>   */
> -void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
> +
> +void security_ipc_getlsmblob(struct kern_ipc_perm *ipcp, struct lsmblob *blob)
>  {
> -       *secid = 0;
> -       call_void_hook(ipc_getsecid, ipcp, secid);
> +       lsmblob_init(blob);
> +       call_void_hook(ipc_getlsmblob, ipcp, blob);
>  }
>
>  /**
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 102489e6d579..1b34b86426e8 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6328,10 +6328,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
>         return ipc_has_perm(ipcp, av);
>  }
>
> -static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
> +static void selinux_ipc_getlsmblob(struct kern_ipc_perm *ipcp,
> +                                  struct lsmblob *blob)
>  {
>         struct ipc_security_struct *isec = selinux_ipc(ipcp);
> -       *secid = isec->sid;
> +       blob->selinux.secid = isec->sid;
> +       /* scaffolding */
> +       blob->scaffold.secid = isec->sid;
>  }
>
>  static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
> @@ -7252,7 +7255,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
>         LSM_HOOK_INIT(userns_create, selinux_userns_create),
>
>         LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
> -       LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
> +       LSM_HOOK_INIT(ipc_getlsmblob, selinux_ipc_getlsmblob),
>
>         LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
>         LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 5d74d8590862..370ca7fb1843 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -3442,16 +3442,19 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
>  }
>
>  /**
> - * smack_ipc_getsecid - Extract smack security id
> + * smack_ipc_getlsmblob - Extract smack security data
>   * @ipp: the object permissions
> - * @secid: where result will be saved
> + * @blob: where result will be saved
>   */
> -static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
> +static void smack_ipc_getlsmblob(struct kern_ipc_perm *ipp,
> +                                struct lsmblob *blob)
>  {
> -       struct smack_known **blob = smack_ipc(ipp);
> -       struct smack_known *iskp = *blob;
> +       struct smack_known **iskpp = smack_ipc(ipp);
> +       struct smack_known *iskp = *iskpp;
>
> -       *secid = iskp->smk_secid;
> +       blob->smack.skp = iskp;
> +       /* scaffolding */
> +       blob->scaffold.secid = iskp->smk_secid;
>  }
>
>  /**
> @@ -5157,7 +5160,7 @@ static struct security_hook_list smack_hooks[] __ro_after_init = {
>         LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
>
>         LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
> -       LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
> +       LSM_HOOK_INIT(ipc_getlsmblob, smack_ipc_getlsmblob),
>
>         LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
>
> --
> 2.41.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ