Message-ID: <2bd95ca78e836db0775da8237792e8448b8eec62.camel@HansenPartnership.com>
Date: Wed, 23 Apr 2025 10:12:07 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>, Blaise Boscaccy
<bboscaccy@...ux.microsoft.com>
Cc: Jonathan Corbet <corbet@....net>, David Howells <dhowells@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller"
<davem@...emloft.net>, Paul Moore <paul@...l-moore.com>, James Morris
<jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Masahiro Yamada
<masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas
Schier <nicolas@...sle.eu>, Shuah Khan <shuah@...nel.org>,
Mickaël Salaün <mic@...ikod.net>,
Günther Noack <gnoack@...gle.com>, Nick Desaulniers
<nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>, Jarkko Sakkinen <jarkko@...nel.org>,
Jan Stancek <jstancek@...hat.com>, Neal Gompa <neal@...pa.dev>, "open
list:DOCUMENTATION" <linux-doc@...r.kernel.org>, LKML
<linux-kernel@...r.kernel.org>, keyrings@...r.kernel.org, Linux Crypto
Mailing List <linux-crypto@...r.kernel.org>, LSM List
<linux-security-module@...r.kernel.org>, Linux Kbuild mailing list
<linux-kbuild@...r.kernel.org>, "open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
clang-built-linux <llvm@...ts.linux.dev>, nkapron@...gle.com, Matteo Croce
<teknoraver@...a.com>, Roberto Sassu <roberto.sassu@...wei.com>, Cong Wang
<xiyou.wangcong@...il.com>
Subject: Re: [PATCH v2 security-next 1/4] security: Hornet LSM

On Mon, 2025-04-21 at 13:12 -0700, Alexei Starovoitov wrote:
[...]
> Calling bpf_map_get() and
> map->ops->map_lookup_elem() from a module is not ok either.

I don't understand this objection. The program just got passed in to
bpf_prog_load() as a set of attributes which, for a light skeleton,
directly contain the code as a blob and have the various BTF
relocations as a blob in a single element array map. I think everyone
agrees that the integrity of the program would be compromised by
modifications to the relocations, so the security_bpf_prog_load() hook
can't make an integrity determination without examining both. If the
hook can't use the bpf_maps.. APIs directly is there some other API it
should be using to get the relocations, or are you saying that the
security_bpf_prog_load() hook isn't fit for purpose and it should be
called after the bpf core has loaded the relocations so they can be
provided to the hook as an argument?

The above, by the way, is independent of signing, because it applies to
any determination that might be made in the security_bpf_prog_load()
hook regardless of purpose.

Regards,

James