| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <36836e7b94465fd11d3425166ade3f54@paul-moore.com> Date: Thu, 18 Jul 2024 22:08:08 -0400 From: Paul Moore <paul@...l-moore.com> To: Xu Kuohai <xukuohai@...weicloud.com>, bpf@...r.kernel.org, netdev@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-integrity@...r.kernel.org, apparmor@...ts.ubuntu.com, selinux@...r.kernel.org Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Matt Bobrowski <mattbobrowski@...gle.com>, Brendan Jackman <jackmanb@...omium.org>, James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, Khadija Kamran <kamrankhadijadj@...il.com>, Casey Schaufler <casey@...aufler-ca.com>, Ondrej Mosnacek <omosnace@...hat.com>, Kees Cook <keescook@...omium.org>, John Johansen <john.johansen@...onical.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, Roberto Sassu <roberto.sassu@...wei.com>, Shung-Hsi Yu <shung-hsi.yu@...e.com>, Edward Cree <ecree.xilinx@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Trond Myklebust <trond.myklebust@...merspace.com>, Anna Schumaker <anna@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Stephen Smalley <stephen.smalley.work@...il.com> Subject: Re: [PATCH v4 10/20] lsm: Refactor return value of LSM hook audit_rule_match On Jul 11, 2024 Xu Kuohai <xukuohai@...weicloud.com> wrote: > > To be consistent with most LSM hooks, convert the return value of > hook audit_rule_match to 0 or a negative error code. > > Before: > - Hook audit_rule_match returns 1 if the rule matches, 0 if it not, > and negative error code otherwise. > > After: > - Hook audit_rule_match returns 0 on success or a negative error > code on failure. An output parameter @match is introduced to hold > the match result on success. > > Signed-off-by: Xu Kuohai <xukuohai@...wei.com> > --- > include/linux/lsm_hook_defs.h | 3 +- > security/apparmor/audit.c | 22 ++++++------- > security/apparmor/include/audit.h | 2 +- > security/security.c | 15 ++++++++- > security/selinux/include/audit.h | 8 +++-- > security/selinux/ss/services.c | 54 +++++++++++++++++-------------- > security/smack/smack_lsm.c | 19 +++++++---- > 7 files changed, 75 insertions(+), 48 deletions(-) This is another odd hook, and similar to some of the others in this patchset, I'm not sure how applicable this would be to a BPF-based LSM. I suspect you could safely block this from a BPF LSM and no one would notice or be upset. However, if we did want to keep this hook for a BPF LSM, I think it might be better to encode the "match" results in the return value, just sticking with a more conventional 0/errno approach. What do you think about 0:found/ok, -ENOENT:missing/ok, -ERRNO:other/error? Yes, some of the existing LSM audit_match code uses -ENOENT but looking quickly at those error conditions it seems that we could consider them equivalent to a "missing" or "failed match" result and use -ENOENT for both. If you're really not happy with that overloading, we could use something like -ENOMSG:missing/ok instead. Thoughts? -- paul-moore.com
Powered by blists - more mailing lists