| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241023212158.18718-1-casey@schaufler-ca.com>
Date: Wed, 23 Oct 2024 14:21:53 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
paul@...l-moore.com,
linux-security-module@...r.kernel.org
Cc: jmorris@...ei.org,
serge@...lyn.com,
keescook@...omium.org,
john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp,
stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org,
selinux@...r.kernel.org,
mic@...ikod.net
Subject: [PATCH v3 0/5] LSM: Replace secctx/len pairs with lsm_context
LSM: Replace secctx/len pairs with lsm_context
Several of the Linux Security Module (LSM) interfaces use a pair of
pointers for transmitting security context data and data length. The
data passed is refered to as a security context. While all existing
modules provide nul terminated strings, there is no requirement that
they to so. Hence, the length is necessary.
Security contexts are provided by a number of interfaces. The interface
security_release_secctx() is used when the caller is finished with the
data. Each of the security modules that provide security contexts manages
them differently. This was safe in the past, because only one security
module that provides security contexts is allowed to be active. To allow
multiple active modules that use security contexts it is necessary to
identify which security module created a security context. Adding a third
pointer to the interfaces for the LSM identification is not appealing.
A new structure, lsm_context, is created for use in these interfaces.
It includes three members: the data pointer, the data length and
the LSM ID of its creator. The interfaces that create contexts and
security_release_secctx() now use a pointer to an lsm_context instead
of a pointer pair.
The changes are mostly mechanical, and some scaffolding is used within
the patch set to allow for smaller individual patches.
This patch set depends on the patch set LSM: Move away from secids:
https://github.com/cschaufler/lsm-stacking.git#lsmprop-6.12-rc1-v4
https://github.com/cschaufler/lsm-stacking.git#context-6.12-rc1-v3
Revisons:
v3: Don't change NFS data storage format
Retain argument alignments
Set released context pointers to NULL
v2: Rebase for static calls in LSM infrastructure
Casey Schaufler (5):
LSM: Ensure the correct LSM context releaser
LSM: Replace context+len with lsm_context
LSM: Use lsm_context in security_inode_getsecctx
LSM: lsm_context in security_dentry_init_security
LSM: secctx provider check on release
drivers/android/binder.c | 25 +++++-----
fs/ceph/super.h | 3 +-
fs/ceph/xattr.c | 12 ++---
fs/fuse/dir.c | 35 +++++++-------
fs/nfs/nfs4proc.c | 22 ++++++---
fs/nfsd/nfs4xdr.c | 22 ++++-----
include/linux/lsm_hook_defs.h | 13 +++--
include/linux/security.h | 37 ++++++++++-----
include/net/scm.h | 12 ++---
kernel/audit.c | 33 +++++++------
kernel/auditsc.c | 27 +++++------
net/ipv4/ip_sockglue.c | 12 ++---
net/netfilter/nf_conntrack_netlink.c | 16 +++----
net/netfilter/nf_conntrack_standalone.c | 11 ++---
net/netfilter/nfnetlink_queue.c | 22 ++++-----
net/netlabel/netlabel_unlabeled.c | 44 +++++++----------
net/netlabel/netlabel_user.c | 10 ++--
security/apparmor/include/secid.h | 7 ++-
security/apparmor/secid.c | 34 +++++++------
security/security.c | 63 ++++++++++++-------------
security/selinux/hooks.c | 50 ++++++++++++++------
security/smack/smack_lsm.c | 49 +++++++++++--------
22 files changed, 293 insertions(+), 266 deletions(-)
--
2.46.0
Powered by blists - more mailing lists