| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhTi6+CHD9OtWj5=pPDrtwF+S9yfBOKqghe=9wXmd7jrxA@mail.gmail.com> Date: Wed, 23 Apr 2025 11:10:29 -0400 From: Paul Moore <paul@...l-moore.com> To: James Bottomley <James.Bottomley@...senpartnership.com> Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>, Blaise Boscaccy <bboscaccy@...ux.microsoft.com>, Jonathan Corbet <corbet@....net>, David Howells <dhowells@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Shuah Khan <shuah@...nel.org>, Mickaël Salaün <mic@...ikod.net>, Günther Noack <gnoack@...gle.com>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, Jarkko Sakkinen <jarkko@...nel.org>, Jan Stancek <jstancek@...hat.com>, Neal Gompa <neal@...pa.dev>, "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, keyrings@...r.kernel.org, Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, "open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, bpf <bpf@...r.kernel.org>, clang-built-linux <llvm@...ts.linux.dev>, nkapron@...gle.com, Matteo Croce <teknoraver@...a.com>, Roberto Sassu <roberto.sassu@...wei.com>, Cong Wang <xiyou.wangcong@...il.com> Subject: Re: [PATCH v2 security-next 1/4] security: Hornet LSM On Wed, Apr 23, 2025 at 10:12 AM James Bottomley <James.Bottomley@...senpartnership.com> wrote: > On Mon, 2025-04-21 at 13:12 -0700, Alexei Starovoitov wrote: > [...] > > Calling bpf_map_get() and > > map->ops->map_lookup_elem() from a module is not ok either. > > I don't understand this objection. The program just got passed in to > bpf_prog_load() as a set of attributes which, for a light skeleton, > directly contain the code as a blob and have the various BTF > relocations as a blob in a single element array map. I think everyone > agrees that the integrity of the program would be compromised by > modifications to the relocations, so the security_bpf_prog_load() hook > can't make an integrity determination without examining both. If the > hook can't use the bpf_maps.. APIs directly is there some other API it > should be using to get the relocations, or are you saying that the > security_bpf_prog_load() hook isn't fit for purpose and it should be > called after the bpf core has loaded the relocations so they can be > provided to the hook as an argument? > > The above, by the way, is independent of signing, because it applies to > any determination that might be made in the security_bpf_prog_load() > hook regardless of purpose. I've also been worrying that some of the unspoken motivation behind the objection is simply that Hornet is not BPF. If/when we get to a point where Hornet is sent up to Linus and Alexei's objection to the Hornet LSM inspecting BPF maps stands, it seems as though *any* LSM, including BPF LSMs, would need to be prevented from accessing BPF maps. I'm fairly certain no one wants to see it come to that. -- paul-moore.com
Powered by blists - more mailing lists