lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220302111404.193900-1-roberto.sassu@huawei.com>
Date:   Wed, 2 Mar 2022 12:13:55 +0100
From:   Roberto Sassu <roberto.sassu@...wei.com>
To:     <zohar@...ux.ibm.com>, <shuah@...nel.org>, <ast@...nel.org>,
        <daniel@...earbox.net>, <andrii@...nel.org>, <yhs@...com>,
        <kpsingh@...nel.org>, <revest@...omium.org>,
        <gregkh@...uxfoundation.org>
CC:     <linux-integrity@...r.kernel.org>,
        <linux-security-module@...r.kernel.org>,
        <linux-kselftest@...r.kernel.org>, <bpf@...r.kernel.org>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Roberto Sassu <roberto.sassu@...wei.com>
Subject: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA

Extend the interoperability with IMA, to give wider flexibility for the
implementation of integrity-focused LSMs based on eBPF.

Patch 1 fixes some style issues.

Patches 2-6 give the ability to eBPF-based LSMs to take advantage of the
measurement capability of IMA without needing to setup a policy in IMA
(those LSMs might implement the policy capability themselves).

Patches 7-9 allow eBPF-based LSMs to evaluate files read by the kernel.

Changelog

v2:
- Add better description to patch 1 (suggested by Shuah)
- Recalculate digest if it is not fresh (when IMA_COLLECTED flag not set)
- Move declaration of bpf_ima_file_hash() at the end (suggested by
  Yonghong)
- Add tests to check if the digest has been recalculated
- Add deny test for bpf_kernel_read_file()
- Add description to tests

v1:
- Modify ima_file_hash() only and allow the usage of the function with the
  modified behavior by eBPF-based LSMs through the new function
  bpf_ima_file_hash() (suggested by Mimi)
- Make bpf_lsm_kernel_read_file() sleepable so that bpf_ima_inode_hash()
  and bpf_ima_file_hash() can be called inside the implementation of
  eBPF-based LSMs for this hook

Roberto Sassu (9):
  ima: Fix documentation-related warnings in ima_main.c
  ima: Always return a file measurement in ima_file_hash()
  bpf-lsm: Introduce new helper bpf_ima_file_hash()
  selftests/bpf: Move sample generation code to ima_test_common()
  selftests/bpf: Add test for bpf_ima_file_hash()
  selftests/bpf: Check if the digest is refreshed after a file write
  bpf-lsm: Make bpf_lsm_kernel_read_file() as sleepable
  selftests/bpf: Add test for bpf_lsm_kernel_read_file()
  selftests/bpf: Check that bpf_kernel_read_file() denies reading IMA
    policy

 include/uapi/linux/bpf.h                      |  11 ++
 kernel/bpf/bpf_lsm.c                          |  21 +++
 security/integrity/ima/ima_main.c             |  57 ++++---
 tools/include/uapi/linux/bpf.h                |  11 ++
 tools/testing/selftests/bpf/ima_setup.sh      |  35 +++-
 .../selftests/bpf/prog_tests/test_ima.c       | 149 +++++++++++++++++-
 tools/testing/selftests/bpf/progs/ima.c       |  66 +++++++-
 7 files changed, 321 insertions(+), 29 deletions(-)

-- 
2.32.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ