* [PATCH] security: add LSM hook at the memfd_create point
@ 2021-06-13 6:43 Li Qiang
From: Li Qiang @ 2021-06-13 6:43 UTC (permalink / raw)
To: akpm, jmorris, serge, keescook, paul
Cc: linux-kernel, linux-mm, linux-security-module, liq3ea, Li Qiang
memfd_create is often used in fileless attacks.
Let's create an LSM hook so that we can detect and prevent
anonymous file creation.
Signed-off-by: Li Qiang <liq3ea@163.com>
---
include/linux/lsm_hook_defs.h | 4 ++++
include/linux/lsm_hooks.h | 5 +++++
include/linux/security.h | 15 +++++++++++++++
mm/memfd.c | 6 ++++++
security/security.c | 7 +++++++
5 files changed, 37 insertions(+)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 04c01794de83..955556d0d084 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -403,3 +403,7 @@ LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
#endif /* CONFIG_PERF_EVENTS */
+
+#ifdef CONFIG_MEMFD_CREATE
+LSM_HOOK(int, 0, memfd_create, const char *name, unsigned int flags)
+#endif /* CONFIG_MEMFD_CREATE */
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5c4c5c0602cb..e9c31dbb2783 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1557,6 +1557,11 @@
* Read perf_event security info if allowed.
* @perf_event_write:
* Write perf_event security info if allowed.
+ *
+ * Security hooks for anonymous file
+ *
+ * @memfd_create:
+ * Check whether anonymous file creation is allowed
*/
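Review bot: The new @memfd_create entry does not state the return convention or what its arguments carry, while the neighbouring perf_event entries at least say "if allowed" and most hook descriptions in this comment end with the permission-granted return rule. The call site in mm/memfd.c passes the kernel-side copy of the name (the one released via err_name) and the caller's MFD_* flags, so the description should say so. I would extend it to: `@memfd_create:` / `Check permission before memfd_create(2) creates an anonymous file. @name is the kernel copy of the requested name, @flags the MFD_* flags supplied by the caller.` / `Return 0 if permission is granted.` The same wording gap applies to the hook declaration added in include/linux/lsm_hook_defs.h, which carries no comment at all.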
union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
diff --git a/include/linux/security.h b/include/linux/security.h
index 06f7c50ce77f..44b43a7569b5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2037,4 +2037,19 @@ static inline int security_perf_event_write(struct perf_event *event)
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_PERF_EVENTS */
+#ifdef CONFIG_MEMFD_CREATE
+#ifdef CONFIG_SECURITY
+
+extern int security_memfd_create(const char *name, unsigned int flags);
+
+#else
+
+static inline int security_memfd_create(const char *name, unsigned int flags)
+{
+ return 0;
+}
+
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_MEMFD_CREATE */
+
#endif /* ! __LINUX_SECURITY_H */
diff --git a/mm/memfd.c b/mm/memfd.c
index 2647c898990c..dbd309e455d2 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -18,6 +18,7 @@
#include <linux/hugetlb.h>
#include <linux/shmem_fs.h>
#include <linux/memfd.h>
+#include <linux/security.h>
#include <uapi/linux/memfd.h>
/*
@@ -290,6 +291,11 @@ SYSCALL_DEFINE2(memfd_create,
goto err_name;
}
+ if (security_memfd_create(name, flags)) {
+ error = -EPERM;
+ goto err_name;
+ }
+
fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
if (fd < 0) {
error = fd;
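Review bot: The new check discards the value returned by security_memfd_create() and unconditionally reports -EPERM, so an LSM cannot return -EACCES, -ENOMEM or any other error the rest of the security_* call sites propagate. The usual pattern is to keep the hook's return code: `error = security_memfd_create(name, flags);` / `if (error)` / `goto err_name;`. Placing the check before get_unused_fd_flags() is the right spot, since a denial then releases only the name copy and never allocates the fd or the shmem file. The enclosing SYSCALL_DEFINE2(memfd_create) body starts and ends outside the hunk.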
diff --git a/security/security.c b/security/security.c
index b38155b2de83..5723408c5d0b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2624,3 +2624,10 @@ int security_perf_event_write(struct perf_event *event)
return call_int_hook(perf_event_write, 0, event);
}
#endif /* CONFIG_PERF_EVENTS */
+
+#ifdef CONFIG_MEMFD_CREATE
+int security_memfd_create(const char *name, unsigned int flags)
+{
+ return call_int_hook(memfd_create, 0, name, flags);
+}
+#endif /* CONFIG_MEMFD_CREATE */
--
2.25.1
* Re: [PATCH] security: add LSM hook at the memfd_create point
From: Casey Schaufler @ 2021-06-13 17:25 UTC (permalink / raw)
To: Li Qiang, akpm, jmorris, serge, keescook, paul
Cc: linux-kernel, linux-mm, linux-security-module, liq3ea, Casey Schaufler
On 6/12/2021 11:43 PM, Li Qiang wrote:
> memfd_create is often used in the fileless attack.
> Let's create a LSM hook so that we can detect and prevent
> anonymous file creation.
>
> Signed-off-by: Li Qiang <liq3ea@163.com>
We don't add LSM hooks on speculation. Resubmit when you have
an LSM that needs the hook.
> ---
> include/linux/lsm_hook_defs.h | 4 ++++
> include/linux/lsm_hooks.h | 5 +++++
> include/linux/security.h | 15 +++++++++++++++
> mm/memfd.c | 6 ++++++
> security/security.c | 7 +++++++
> 5 files changed, 37 insertions(+)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 04c01794de83..955556d0d084 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -403,3 +403,7 @@ LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
> LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
> LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
> #endif /* CONFIG_PERF_EVENTS */
> +
> +#ifdef CONFIG_MEMFD_CREATE
> +LSM_HOOK(int, 0, memfd_create, const char *name, unsigned int flags)
> +#endif /* CONFIG_MEMFD_CREATE */
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 5c4c5c0602cb..e9c31dbb2783 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1557,6 +1557,11 @@
> * Read perf_event security info if allowed.
> * @perf_event_write:
> * Write perf_event security info if allowed.
> + *
> + * Security hooks for anonymous file
> + *
> + * @memfd_create:
> + * Check whether anonymous file creation is allowed
> */
> union security_list_options {
> #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 06f7c50ce77f..44b43a7569b5 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -2037,4 +2037,19 @@ static inline int security_perf_event_write(struct perf_event *event)
> #endif /* CONFIG_SECURITY */
> #endif /* CONFIG_PERF_EVENTS */
>
> +#ifdef CONFIG_MEMFD_CREATE
> +#ifdef CONFIG_SECURITY
> +
> +extern int security_memfd_create(const char *name, unsigned int flags);
> +
> +#else
> +
> +static inline int security_memfd_create(const char *name, unsigned int flags)
> +{
> + return 0;
> +}
> +
> +#endif /* CONFIG_SECURITY */
> +#endif /* CONFIG_MEMFD_CREATE */
> +
> #endif /* ! __LINUX_SECURITY_H */
> diff --git a/mm/memfd.c b/mm/memfd.c
> index 2647c898990c..dbd309e455d2 100644
> --- a/mm/memfd.c
> +++ b/mm/memfd.c
> @@ -18,6 +18,7 @@
> #include <linux/hugetlb.h>
> #include <linux/shmem_fs.h>
> #include <linux/memfd.h>
> +#include <linux/security.h>
> #include <uapi/linux/memfd.h>
>
> /*
> @@ -290,6 +291,11 @@ SYSCALL_DEFINE2(memfd_create,
> goto err_name;
> }
>
> + if (security_memfd_create(name, flags)) {
> + error = -EPERM;
> + goto err_name;
> + }
> +
> fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
> if (fd < 0) {
> error = fd;
> diff --git a/security/security.c b/security/security.c
> index b38155b2de83..5723408c5d0b 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2624,3 +2624,10 @@ int security_perf_event_write(struct perf_event *event)
> return call_int_hook(perf_event_write, 0, event);
> }
> #endif /* CONFIG_PERF_EVENTS */
> +
> +#ifdef CONFIG_MEMFD_CREATE
> +int security_memfd_create(const char *name, unsigned int flags)
> +{
> + return call_int_hook(memfd_create, 0, name, flags);
> +}
> +#endif /* CONFIG_MEMFD_CREATE */