lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8fda1ea3-4349-4a15-a1ea-8c2c63d355e2@canonical.com>
Date: Mon, 28 Apr 2025 12:19:20 -0700
From: John Johansen <john.johansen@...onical.com>
To: Zilin Guan <zilin@....edu.cn>
Cc: paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
 apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
 linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn
Subject: Re: [RFC PATCH] security/apparmor: use kfree_sensitive() in
 unpack_secmark()

On 4/17/25 21:52, Zilin Guan wrote:
> The unpack_secmark() function currently uses kfree() to release memory
> allocated for secmark structures and their labels. However, if a failure
> occurs after partially parsing secmark, sensitive data may remain in
> memory, posing a security risk.
> 
> To mitigate this, replace kfree() with kfree_sensitive() for freeing
> secmark structures and their labels, aligning with the approach used
> in free_ruleset().
> 
> I am submitting this as an RFC to seek freedback on whether this change
> is appropriate and aligns with the subsystem's expectations. If
> confirmed to be helpful, I will send a formal patch.
> 
> Signed-off-by: Zilin Guan <zilin@....edu.cn>

sorry I am super behind on the backlog, I will get this in to my tree today


Acked-by: John Johansen <john.johansen@...onical.com>

> ---
>   security/apparmor/policy_unpack.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 992b74c50..610e09c76 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -598,8 +598,8 @@ static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules)
>   fail:
>   	if (rules->secmark) {
>   		for (i = 0; i < size; i++)
> -			kfree(rules->secmark[i].label);
> -		kfree(rules->secmark);
> +			kfree_sensitive(rules->secmark[i].label);
> +		kfree_sensitive(rules->secmark);
>   		rules->secmark_count = 0;
>   		rules->secmark = NULL;
>   	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ