From: David Miller <davem@davemloft.net>
To: jeffv@google.com
Cc: netdev@vger.kernel.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Subject: Re: [PATCH 1/2] rtnetlink: gate MAC address with an LSM hook
Date: Thu, 22 Aug 2019 16:19:13 -0700 (PDT) [thread overview]
Message-ID: <20190822.161913.326746900077543343.davem@davemloft.net> (raw)
In-Reply-To: <20190821134547.96929-1-jeffv@google.com>
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 21 Aug 2019 15:45:47 +0200
> MAC addresses are often considered sensitive because they are
> usually unique and can be used to identify/track a device or
> user [1].
>
> The MAC address is accessible via the RTM_NEWLINK message type of a
> netlink route socket[2]. Ideally we could grant/deny access to the
> MAC address on a case-by-case basis without blocking the entire
> RTM_NEWLINK message type which contains a lot of other useful
> information. This can be achieved using a new LSM hook on the netlink
> message receive path. Using this new hook, individual LSMs can select
> which processes are allowed access to the real MAC, otherwise a
> default value of zeros is returned. Offloading access control
> decisions like this to an LSM is convenient because it preserves the
> status quo for most Linux users while giving the various LSMs
> flexibility to make finer grained decisions on access to sensitive
> data based on policy.
>
> [1] https://adamdrake.com/mac-addresses-udids-and-privacy.html
> [2] Other access vectors like ioctl(SIOCGIFHWADDR) are already covered
> by existing LSM hooks.
>
> Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
I'm sure the MAC address will escape into userspace via other means,
dumping pieces of networking config in other contexts, etc. I mean,
if I can get a link dump, I can dump the neighbor table as well.
I kinda think this is all very silly whack-a-mole kind of stuff, to
be quite honest.
And like others have said, tomorrow you'll be like "oh crap, we should
block X too" and we'll get another hook, another config knob, another
rulset update, etc.
next prev parent reply other threads:[~2019-08-22 23:19 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-21 13:45 [PATCH 1/2] rtnetlink: gate MAC address with an LSM hook Jeff Vander Stoep
2019-08-21 13:55 ` Jeffrey Vander Stoep
2019-08-21 14:34 ` Casey Schaufler
2019-08-21 14:52 ` Jeffrey Vander Stoep
2019-08-22 23:19 ` David Miller [this message]
2019-08-23 11:41 ` Jeffrey Vander Stoep
2019-08-23 21:41 ` David Miller
2019-08-27 20:47 ` Paul Moore
2019-08-29 7:45 ` Michal Kubecek
2019-08-30 21:46 ` Paul Moore
2019-08-23 4:24 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190822.161913.326746900077543343.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=jeffv@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.